Towards Adversarial Patch Analysis and Certified Defense against Crowd Counting

  title={Towards Adversarial Patch Analysis and Certified Defense against Crowd Counting},
  author={Qiming Wu and Zhikang Zou and Pan Zhou and Xiaoqing Ye and Binghui Wang and Ang Li},
  journal={Proceedings of the 29th ACM International Conference on Multimedia},
  • Qiming WuZhikang Zou Ang Li
  • Published 22 April 2021
  • Computer Science
  • Proceedings of the 29th ACM International Conference on Multimedia
Crowd counting has drawn much attention due to its importance in safety-critical surveillance systems. Especially, deep neural network (DNN) methods have significantly reduced estimation errors for crowd counting missions. Recent studies have demonstrated that DNNs are vulnerable to adversarial attacks, i.e., normal images with human-imperceptible perturbations could mislead DNNs to make false predictions. In this work, we propose a robust attack strategy called Adversarial Patch Attack with… 

Figures and Tables from this paper

Harnessing Perceptual Adversarial Patches for Crowd Counting

The Perceptual Adversarial Patch generation framework is proposed to tailor the adversarial perturbations for crowd counting scenes using the model-shared perceptual features and an adaptive crowd density weighting approach is handcrafted to capture the invariant scale perception features across various models.

Backdoor Attacks on Crowd Counting

This paper proposes two novel Density Manipulation Backdoor Attacks (DMBA- and DMBA+) to attack the model to produce arbitrarily large or small density estimations, and provides an in-depth analysis of the unique challenges of backdooring crowd counting models.

Rethinking Spatial Invariance of Convolutional Networks for Object Counting

Inspired by previous work, this work proposes a low-rank approximation accompanied with translation invariance to favorably implement the approximation of massive Gaussian convolution to improve the spatial invariance of convolutional networks.



CSRNet: Dilated Convolutional Neural Networks for Understanding the Highly Congested Scenes

We propose a network for Congested Scene Recognition called CSRNet to provide a data-driven and deep learning method that can understand highly congested scenes and perform accurate count estimation…

Single-Image Crowd Counting via Multi-Column Convolutional Neural Network

With the proposed simple MCNN model, the method outperforms all existing methods and experiments show that the model, once trained on one dataset, can be readily transferred to a new dataset.

DA-Net: Learning the Fine-Grained Density Distribution With Deformation Aggregation Network

The deformation aggregation network (DA-Net) is proposed that can incrementally incorporate adaptive receptive fields to capture the fine-grained density distribution and delivers the state-of-the-art performance on four benchmarks.

Context-Aware Crowd Counting

This paper introduces an end-to-end trainable deep architecture that combines features obtained using multiple receptive field sizes and learns the importance of each such feature at each image location, which yields an algorithm that outperforms state-of-the-art crowd counting methods, especially when perspective effects are strong.

CNN-Based cascaded multi-task learning of high-level prior and density estimation for crowd counting

A novel end-to-end cascaded network of CNNs to jointly learn crowd count classification and density map estimation achieves lower count error and better quality density maps as compared to the recent state-of-the-art methods.

Explaining and Harnessing Adversarial Examples

It is argued that the primary cause of neural networks' vulnerability to adversarial perturbation is their linear nature, supported by new quantitative results while giving the first explanation of the most intriguing fact about them: their generalization across architectures and training sets.

Design and Interpretation of Universal Adversarial Patches in Face Detection

This work investigates a phenomenon: patches designed to suppress real face detection appear face-like, which holds generally across different initialization, locations, scales of patches, backbones, and state-of-the-art face detection frameworks.

Using Depth for Pixel-Wise Detection of Adversarial Attacks in Crowd Counting

This paper investigates the effectiveness of existing attack strategies on crowd-counting networks, and introduces a simple yet effective pixel-wise detection mechanism that significantly outperforms heuristic and uncertainty-based strategies.

Robustness Certificates for Sparse Adversarial Attacks by Randomized Ablation

This paper proposes an efficient and certifiably robust defense against sparse adversarial attacks by randomly ablating input features, rather than using additive noise, and empirically demonstrates that the classifier is highly robust to modern sparse adversarian attacks on MNIST.

Attentional Neural Fields for Crowd Counting

The CRFs coupled with the attention mechanism are seamlessly integrated into the encoder-decoder network, establishing an ANF that can be optimized end-to-end by back propagation, surpassing most previous methods.