Gao, R., Guo, Q., Juefei-Xu, F., Yu, H., Fu, H., Feng, W., Liu, Y., &amp; Wang, S. (2022). Can You Spot the Chameleon? Adversarially Camouflaging Images from Co-Salient Object Detection. 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). https://doi.org/10.1109/cvpr52688.2022.00219
Co-salient object detection (CoSOD) has recently achieved significant progress and played a key role in retrieval-related tasks. However, it inevitably poses an entirely new safety and security issue, i.e., highly personal and sensitive content can potentially be extracting by powerful CoSOD methods. In this paper, we address this problem from the perspective of adversarial attacks and identify a novel task: adversarial co-saliency attack. Specially, given an image selected from a group of images containing some common and salient objects, we aim to generate an adversarial version that can mislead CoSOD methods to predict incorrect co-salient regions. Note that, compared with general white-box adversarial attacks for classification, this new task faces two additional challenges: (1) low success rate due to the diverse appearance of images in the group; (2) low transferability across CoSOD methods due to the considerable difference between CoSOD pipelines. To address these challenges, we propose the very first blackbox joint adversarial exposure and noise attack (Jadena), where we jointly and locally tune the exposure and additive perturbations of the image according to a newly designed high-feature-level contrast-sensitive loss function. Our method, without any information on the state-of-the-art CoSOD methods, leads to significant performance degradation on various co-saliency detection datasets and makes the co-salient objects undetectable. This can have strong practical benefits in properly securing the large number of personal photos currently shared on the Internet. Moreover, our method is potential to be utilized as a metric for evaluating the robustness of CoSOD methods.
This research / project is supported by the A*STAR - AI3 HTPO Seed Fund
Grant Reference no. : C211118012
This research / project is supported by the National Research Foundation - AI SIngapore Programme
Grant Reference no. : AISG2-RP-2020-019
This research / project is supported by the National Research Foundation - Singapore National Cybersecurity R&D Program
Grant Reference no. : NRF2018NCR-NCR005-0001
This research / project is supported by the National Research Foundation - National Satellite of Excellence in Trustworthy Software System
Grant Reference no. : NRF2018NCR-NSOE003-0001
This research / project is supported by the National Research Foundation - Investigatorship
Grant Reference no. : NRFI06-2020-0022-0001
This work was supported by the National Key Research and Development Program of China (No. 2020YFC1522700), the National Natural Science Foundation of China (No. 62072334) and the General
Project of Tianjin (No. 18JCYBJC15200).