PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.
The machine learning community has seen an explosion in the sophistication of adversarial attacks against deep neural network-based computer vision models. In particular, researchers have successfully used adversarial patterns to trigger false positive or false negative results in both research and real-world settings. However, researchers have not yet codified performance metrics for evaluating the efficacy of attack techniques. This evaluation is needed to adequately assess performance improvements of novel adversarial attack methods. This study aims to contribute the following: adversarial pattern performance metrics, demonstration of each metric’s strengths and contributions on a case study, and an initial standardized performance evaluation strategy for novel adversarial pattern attacks. We train state-of-the-art deep neural network-based object detection models on an open-source dataset. We then use these trained models to evaluate trained adversarial patterns for both false positive and false negative attacks and evaluate their performance using our suite of metrics in order to establish and codify a workflow to be used when evaluating future adversarial pattern algorithms.
PERSONAL Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.
The alert did not successfully save. Please try again later.
Savanna Smith, Shunta Muto, Anna Evans, Chris M. Ward, Josh Harguess, Emily Holt, "Metrics for evaluating adversarial attack patterns," Proc. SPIE 12099, Geospatial Informatics XII, 120990D (27 May 2022); https://doi.org/10.1117/12.2624452