X-Detect: explainable adversarial patch detection for object detectors in retail

Object detection models, which are widely used in various domains (such as retail), have been shown to be vulnerable to adversarial attacks. Existing methods for detecting adversarial attacks on object detectors have had difficulty detecting new real-life attacks. We present X-Detect, a novel advers...

Bibliographic details
Published in: Machine learning 2024-09, Vol.113 (9), p.6273-6292
Main authors: Hofman, Omer; Giloni, Amit; Hayun, Yarin; Morikawa, Ikuya; Shimizu, Toshiya; Elovici, Yuval; Shabtai, Asaf
Format: Article
Language: eng
Online access: Full text
container_end_page 6292
container_issue 9
container_start_page 6273
container_title Machine learning
container_volume 113
creator Hofman, Omer
Giloni, Amit
Hayun, Yarin
Morikawa, Ikuya
Shimizu, Toshiya
Elovici, Yuval
Shabtai, Asaf
description Object detection models, which are widely used in various domains (such as retail), have been shown to be vulnerable to adversarial attacks. Existing methods for detecting adversarial attacks on object detectors have had difficulty detecting new real-life attacks. We present X-Detect, a novel adversarial patch detector that can: (1) detect adversarial samples in real time, allowing the defender to take preventive action; (2) provide explanations for the alerts raised to support the defender’s decision-making process, and (3) handle unfamiliar threats in the form of new attacks. Given a new scene, X-Detect uses an ensemble of explainable-by-design detectors that utilize object extraction, scene manipulation, and feature transformation techniques to determine whether an alert needs to be raised. X-Detect was evaluated in both the physical and digital space using five different attack scenarios (including adaptive attacks) and the benchmark COCO dataset and our new Superstore dataset. The physical evaluation was performed using a smart shopping cart setup in real-world settings and included 17 adversarial patch attacks recorded in 1700 adversarial videos. The results showed that X-Detect outperforms the state-of-the-art methods in distinguishing between benign and adversarial scenes for all attack scenarios while maintaining a 0% FPR (no false alarms) and providing actionable explanations for the alerts raised. A demo is available.
doi_str_mv 10.1007/s10994-024-06548-5
format Article
publisher New York: Springer US
date 2024-09-01
tpages 20
toplevel peer_reviewed
oa free_for_read
rights The Author(s) 2024. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
linktohtml https://link.springer.com/10.1007/s10994-024-06548-5
linktopdf https://link.springer.com/content/pdf/10.1007/s10994-024-06548-5
fulltext fulltext
identifier ISSN: 0885-6125
ispartof Machine learning, 2024-09, Vol.113 (9), p.6273-6292
issn 0885-6125
1573-0565
language eng
recordid cdi_proquest_journals_3090099268
source Springer Nature - Complete Springer Journals
subjects Artificial Intelligence
Computer Science
Control
Datasets
Detectors
False alarms
Feature extraction
Machine Learning
Mechatronics
Natural Language Processing (NLP)
Object recognition
Robotics
Sensors
Simulation and Modeling
Superstores
title X-Detect: explainable adversarial patch detection for object detectors in retail
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-17T17%3A02%3A20IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=X-Detect:%20explainable%20adversarial%20patch%20detection%20for%20object%20detectors%20in%20retail&rft.jtitle=Machine%20learning&rft.au=Hofman,%20Omer&rft.date=2024-09-01&rft.volume=113&rft.issue=9&rft.spage=6273&rft.epage=6292&rft.pages=6273-6292&rft.issn=0885-6125&rft.eissn=1573-0565&rft_id=info:doi/10.1007/s10994-024-06548-5&rft_dat=%3Cproquest_cross%3E3090099268%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=3090099268&rft_id=info:pmid/&rfr_iscdi=true