References & Citations
Computer Science > Computer Vision and Pattern Recognition
Title: Multi-Expert Adversarial Attack Detection in Person Re-identification Using Context Inconsistency
(Submitted on 23 Aug 2021 (v1), last revised 1 Apr 2022 (this version, v2))
Abstract: The success of deep neural networks (DNNs) has promoted the widespread applications of person re-identification (ReID). However, ReID systems inherit the vulnerability of DNNs to malicious attacks of visually inconspicuous adversarial perturbations. Detection of adversarial attacks is, therefore, a fundamental requirement for robust ReID systems. In this work, we propose a Multi-Expert Adversarial Attack Detection (MEAAD) approach to achieve this goal by checking context inconsistency, which is suitable for any DNN-based ReID systems. Specifically, three kinds of context inconsistencies caused by adversarial attacks are employed to learn a detector for distinguishing the perturbed examples, i.e., a) the embedding distances between a perturbed query person image and its top-K retrievals are generally larger than those between a benign query image and its top-K retrievals, b) the embedding distances among the top-K retrievals of a perturbed query image are larger than those of a benign query image, c) the top-K retrievals of a benign query image obtained with multiple expert ReID models tend to be consistent, which is not preserved when attacks are present. Extensive experiments on the Market1501 and DukeMTMC-ReID datasets show that, as the first adversarial attack detection approach for ReID, MEAAD effectively detects various adversarial attacks and achieves high ROC-AUC (over 97.5%).
Submission history
From: Xueping Wang [view email][v1] Mon, 23 Aug 2021 01:59:09 GMT (613kb,D)
[v2] Fri, 1 Apr 2022 01:23:56 GMT (610kb,D)
Link back to: arXiv, form interface, contact.