Towards Adversarial Patch Analysis and Certified Defense against Crowd Counting
@article{Wu2021TowardsAP,
title={Towards Adversarial Patch Analysis and Certified Defense against Crowd Counting},
author={Qiming Wu and Zhikang Zou and Pan Zhou and Xiaoqing Ye and Binghui Wang and Ang Li},
journal={Proceedings of the 29th ACM International Conference on Multimedia},
year={2021}
}Crowd counting has drawn much attention due to its importance in safety-critical surveillance systems. Especially, deep neural network (DNN) methods have significantly reduced estimation errors for crowd counting missions. Recent studies have demonstrated that DNNs are vulnerable to adversarial attacks, i.e., normal images with human-imperceptible perturbations could mislead DNNs to make false predictions. In this work, we propose a robust attack strategy called Adversarial Patch Attack withβ¦Β
Figures and Tables from this paper
3 Citations
Harnessing Perceptual Adversarial Patches for Crowd Counting
- Computer ScienceCCS
- 2022
The Perceptual Adversarial Patch generation framework is proposed to tailor the adversarial perturbations for crowd counting scenes using the model-shared perceptual features and an adaptive crowd density weighting approach is handcrafted to capture the invariant scale perception features across various models.
Backdoor Attacks on Crowd Counting
- Computer ScienceACM Multimedia
- 2022
This paper proposes two novel Density Manipulation Backdoor Attacks (DMBA- and DMBA+) to attack the model to produce arbitrarily large or small density estimations, and provides an in-depth analysis of the unique challenges of backdooring crowd counting models.
Rethinking Spatial Invariance of Convolutional Networks for Object Counting
- Computer Science2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
- 2022
Inspired by previous work, this work proposes a low-rank approximation accompanied with translation invariance to favorably implement the approximation of massive Gaussian convolution to improve the spatial invariance of convolutional networks.
References
SHOWING 1-10 OF 64 REFERENCES
CSRNet: Dilated Convolutional Neural Networks for Understanding the Highly Congested Scenes
- Computer Science2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition
- 2018
We propose a network for Congested Scene Recognition called CSRNet to provide a data-driven and deep learning method that can understand highly congested scenes and perform accurate count estimationβ¦
Single-Image Crowd Counting via Multi-Column Convolutional Neural Network
- Computer Science2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR)
- 2016
With the proposed simple MCNN model, the method outperforms all existing methods and experiments show that the model, once trained on one dataset, can be readily transferred to a new dataset.
DA-Net: Learning the Fine-Grained Density Distribution With Deformation Aggregation Network
- Computer ScienceIEEE Access
- 2018
The deformation aggregation network (DA-Net) is proposed that can incrementally incorporate adaptive receptive fields to capture the fine-grained density distribution and delivers the state-of-the-art performance on four benchmarks.
Context-Aware Crowd Counting
- Computer Science2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
- 2019
This paper introduces an end-to-end trainable deep architecture that combines features obtained using multiple receptive field sizes and learns the importance of each such feature at each image location, which yields an algorithm that outperforms state-of-the-art crowd counting methods, especially when perspective effects are strong.
CNN-Based cascaded multi-task learning of high-level prior and density estimation for crowd counting
- Computer Science2017 14th IEEE International Conference on Advanced Video and Signal Based Surveillance (AVSS)
- 2017
A novel end-to-end cascaded network of CNNs to jointly learn crowd count classification and density map estimation achieves lower count error and better quality density maps as compared to the recent state-of-the-art methods.
Explaining and Harnessing Adversarial Examples
- Computer ScienceICLR
- 2015
It is argued that the primary cause of neural networks' vulnerability to adversarial perturbation is their linear nature, supported by new quantitative results while giving the first explanation of the most intriguing fact about them: their generalization across architectures and training sets.
Design and Interpretation of Universal Adversarial Patches in Face Detection
- Computer ScienceECCV
- 2020
This work investigates a phenomenon: patches designed to suppress real face detection appear face-like, which holds generally across different initialization, locations, scales of patches, backbones, and state-of-the-art face detection frameworks.
Using Depth for Pixel-Wise Detection of Adversarial Attacks in Crowd Counting
- Computer ScienceArXiv
- 2019
This paper investigates the effectiveness of existing attack strategies on crowd-counting networks, and introduces a simple yet effective pixel-wise detection mechanism that significantly outperforms heuristic and uncertainty-based strategies.
Robustness Certificates for Sparse Adversarial Attacks by Randomized Ablation
- Computer ScienceAAAI
- 2020
This paper proposes an efficient and certifiably robust defense against sparse adversarial attacks by randomly ablating input features, rather than using additive noise, and empirically demonstrates that the classifier is highly robust to modern sparse adversarian attacks on MNIST.
Attentional Neural Fields for Crowd Counting
- Computer Science2019 IEEE/CVF International Conference on Computer Vision (ICCV)
- 2019
The CRFs coupled with the attention mechanism are seamlessly integrated into the encoder-decoder network, establishing an ANF that can be optimized end-to-end by back propagation, surpassing most previous methods.