arXiv Analytics

Sign in

arXiv:1911.00927 [cs.CV]AbstractReferencesReviewsResources

Spot Evasion Attacks: Adversarial Examples for License Plate Recognition Systems with Convolution Neural Networks

Ya-guan Qian, Dan-feng Ma, Bin Wang, Jun Pan, Jian-Hai Chen, Jia-Min Wang, Jing-Sheng Lei

Published 2019-10-27Version 1

Recent studies have shown convolution neural networks (CNNs) for image recognition are vulnerable to evasion attacks with carefully manipulated adversarial examples. Previous work primarily focused on how to generate adversarial examples closed to source images, by introducing pixel-level perturbations into the whole or specific part of images. In this paper, we propose an evasion attack on CNN classifiers in the context of License Plate Recognition (LPR), which adds predetermined perturbations to specific regions of license plate images, simulating some sort of naturally formed spots (such as sludge, etc.). Therefore, the problem is modeled as an optimization process searching for optimal perturbation positions, which is different from previous work that consider pixel values as decision variables. Notice that this is a complex nonlinear optimization problem, and we use a genetic-algorithm based approach to obtain optimal perturbation positions. In experiments, we use the proposed algorithm to generate various adversarial examples in the form of rectangle, circle, ellipse and spots cluster. Experimental results show that these adversarial examples are almost ignored by human eyes, but can fool HyperLPR with high attack success rate over 93%. Therefore, we believe that this kind of spot evasion attacks would pose a great threat to current LPR systems, and needs to be investigated further by the security community.

Related articles: Most relevant | Search more
arXiv:2001.00116 [cs.CV] (Published 2020-01-01)
Erase and Restore: Simple, Accurate and Resilient Detection of $L_2$ Adversarial Examples
arXiv:2104.02610 [cs.CV] (Published 2021-03-31)
On the Robustness of Vision Transformers to Adversarial Examples
arXiv:2003.07573 [cs.CV] (Published 2020-03-17)
Heat and Blur: An Effective and Fast Defense Against Adversarial Examples