| With the continuous development of artificial intelligence technology,convolutional neural networks have achieved extremely high recognition and detection accuracy in computer vision tasks such as image recognition and object detection,but adding some tiny perturbations to the image can cause prediction errors of convolutional neural networks,resulting in a significant reduction in the accuracy of convolutional neural networks,this process is called adversarial attack,and images with added perturbations are called adversarial example.At present,some research works start from the perspective of physical adversarial example,print adversarial perturbations and attach them to real attack target objects,so as to realize adversarial attack on target models in real attack scenarios.However,in the actual attack scenario,the observation device may observe the attack object from different perspectives and obtain the attack object image in different postures,but the existing physical adversarial attack methods cannot stably affect the recognition and detection results of convolutional neural networks in the face of perspective change,resulting in its great limitation in the actual attack scenario,and there is still a big gap from the practical application in the real world.To solve the above problems,this thesis proposes a robust adversarial perturbation synthesis method under the scenario of continuous changing perspective,and when the relative position of the physical object and the intelligent observation device changes,the synthesized adversarial perturbation can continuously and stably affect the recognition and detection results of the intelligent model.The main work of this thesis consists of the following three parts:(1)We research the perturbation boundary corner coordinates tracking method based on pyramid optical flow method under continuous transformation perspective to obtain the patch boundary corner coordinates in attack object images under different perspectives,in order to provide necessary position information for perspective transformation of patch;(2)We research the posture simulation transformation method based on perspective projection method to obtain the corresponding patch posture under different viewpoints,so that the transformed patch posture is consistent with the real shooting scene,and the attack object adversarial example under different shooting angles is obtained;(3)We research the multi-view object example adversarial loss fusion method to synthesize the continuous transform perspective robust adversarial perturbation,so that the generated adversarial perturbation can maintain the robustness of the perspective transformation,and can continuously and stably attack the object under different perspectives.In the experiment,this thesis uses the aerial vehicle video selected in the VTUAV dataset and selfie vehicle video as experimental data,and conducts white box attack experiments in the continuous changing perspective scenario for the image recognition network and the object detection network in the digital environment and the physical environment,respectively,compared with the classical physical attack method,the proposed method achieves better attack performance in the continuous changing perspective scene,which verifies the robustness of the proposed method for perspective transformation. |
PDF Full Text Request