中大機構典藏-NCU Institutional Repository-提供博碩士論文、考古題、期刊論文、研究計畫等下載:Item 987654321/92474
English  |  正體中文  |  简体中文  |  Items with full text/Total items : 78937/78937 (100%)
Visitors : 39425211      Online Users : 310
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
    •  Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/92474


    Title: 基於擴散模型的自然對抗補丁生成;Diffusion to Confusion: Naturalistic Adversarial Patch Generation Based on Diffusion Model for Object Detector
    Authors: 林碩彥;Lin, Shuo-Yen
    Contributors: 資訊工程學系
    Keywords: 擴散模型;對抗補丁;對抗攻擊;物件偵測;攻擊物件偵測器;深度生成模型;Diffusion Model;Adversarial Patch;Adversarial Attack;Object Detection;Attack Object Detector;Deep Generative Model
    Date: 2023-07-11
    Issue Date: 2023-10-04 16:02:35 (UTC+8)
    Publisher: 國立中央大學
    Abstract: 為了保障個人隱私資料免受不法份子惡意使用物件偵測器進行監控,近年來已經有許多物理對抗補丁生成方法被提出。然而,這些方法往往需要進行大量的超參數調整,並且必須在達到足夠的攻擊效果同時不被他人察覺。因此,生成外觀令人滿意的補丁圖像仍然是一個具有挑戰性的問題。為了解決這個問題,本研究提出了一種基於擴散模型(Diffusion Model)的新型自然對抗補丁生成方法。通過在自然圖像上預訓練的擴散模型中採樣最佳圖像,我們可以穩健地製作出高品質且外觀自然的對抗補丁,而避免其他深度生成模型所遇到的嚴重模式崩潰問題。據我們所知,本研究是第一個針對物件偵測器提出基於擴散模型的物理對抗性補丁生成方法。此外,通過廣泛的定量、定性和主觀實驗,我們發現相比於其他最先進的補丁生成方法,我們的方法可以有效地生成品質更好、更自然的對抗補丁,同時實現出色的攻擊性能;Numerous physical adversarial patch generation methods have been proposed to protect personal privacy from malicious monitoring using object detectors. However, these methods often fall short of generating satisfactory patch images in terms of both stealthiness and attack performance without extensive hyperparameter tuning. To address this issue, we propose a novel naturalistic adversarial patch generation method based on diffusion models (DM). By sampling the optimal image from a DM model pre-trained on natural images, we can craft high-quality and naturalistic physical adversarial patches in a stable manner, without suffering from the serious mode collapse problems that plague other deep generative models. To the best of our knowledge, we are the first to propose a DM-based naturalistic adversarial patch generation method for object detectors. Extensive quantitative, qualitative, and subjective experiments demonstrate that our approach is effective in generating better-quality and more naturalistic adversarial patches while achieving acceptable attack performance compared to other state-of-the-art patch generation methods. Additionally, we show various generation trade-offs under different conditions
    Appears in Collections:[Graduate Institute of Computer Science and Information Engineering] Electronic Thesis & Dissertation

    Files in This Item:

    File Description SizeFormat
    index.html0KbHTML38View/Open


    All items in NCUIR are protected by copyright, with all rights reserved.

    社群 sharing

    ::: Copyright National Central University. | 國立中央大學圖書館版權所有 | 收藏本站 | 設為首頁 | 最佳瀏覽畫面: 1024*768 | 建站日期:8-24-2009 :::
    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - 隱私權政策聲明