More Like this

1. Study of AI Object Detection: Patterns on Animals with YOLO and Adversarial Patches

   Hopson, A; Boonthum-Denecke, C (March 2025, The 2025 ADMI Symposium)

   In this paper, we documented our findings from previous research and literature related to adversarial examples and object detection. Artificial Intelligence (AI) is an increasingly powerful tool in various fields, particularly in image classification and object detection. As AI becomes more advanced, new methods to deceive machine learning models, such as adversarial perturbations, have emerged. These subtle modifications to images can cause AI models to misclassify objects, posing a significant challenge to their reliability. This research builds upon our earlier work by investigating how small perturbations affect object detection on YOLOv8. Last year, we explored patterns within images and their impact on model accuracy. This study will extend that by testing how adversarial perturbations, particularly those targeting animal patterns, affect YOLO v8's ability to accurately detect objects. We will also explore how untrained patterns influence the model’s performance, aiming to identify weaknesses and improve the robustness of object detection systems. 

   more » « less
2. Reducing The Effects Of Adversarial Patches Using Ai-Based Inpainting

   Hill, A; Boonthum-Denecke, C; Mkpong-Ruffin, I (March 2025, The 2025 ADMI Symposium)

   Adversarial patches represent a critical vulnerability in computer vision systems, as they are specifically created in order to deceive object detection algorithms, which can compromise their reliability in real-world applications. This research investigates the impact of adversarial patches on object detection models and proposes a novel mitigation strategy to address this challenge. The study's primary objective was to design a comprehensive framework that integrates adversarial patch detection with image restoration. To achieve this, a YOLOv8-based detection framework was employed, trained on a specialized dataset of adversarial patches to ensure high detection accuracy. Upon identification of patches, advanced inpainting techniques utilizing AI models were applied to mask and fill the affected areas, restoring the image with expected content. The methodology combines the precision of object detection with the generative capabilities of modern inpainting algorithms, ensuring minimal disruption to the visual integrity of the image. This work contributes to the field of adversarial robustness by providing a comprehensive approach that integrates detection, masking, and content restoration. The results highlight the potential of AI-driven solutions to enhance the resilience of object detection systems against adversarial attacks, paving the way for safer deployment of vision-based technologies in critical domains such as autonomous vehicles, surveillance, and medical imaging. 

   more » « less
3. Segment and Recover: Defending Object Detectors Against Adversarial Patch Attacks

   https://doi.org/10.3390/jimaging11090316  

   Gu, Haotian; Jafarnejadsani, Hamidreza (September 2025, Journal of Imaging)

   Object detection is used to automatically identify and locate specific objects within images or videos for applications like autonomous driving, security surveillance, and medical imaging. Protecting object detection models against adversarial attacks, particularly malicious patches, is crucial to ensure reliable and safe performance in safety-critical applications, where misdetections can lead to severe consequences. Existing defenses against patch attacks are primarily designed for stationary scenes and struggle against adversarial image patches that vary in scale, position, and orientation in dynamic environments.In this paper, we introduce SAR, a patch-agnostic defense scheme based on image preprocessing that does not require additional model training. By integration of the patch-agnostic detection frontend with an additional broken pixel restoration backend, Segment and Recover (SAR) is developed for the large-mask-covered object-hiding attack. Our approach breaks the limitation of the patch scale, shape, and location, accurately localizes the adversarial patch on the frontend, and restores the broken pixel on the backend. Our evaluations of the clean performance demonstrate that SAR is compatible with a variety of pretrained object detectors. Moreover, SAR exhibits notable resilience improvements over state-of-the-art methods evaluated in this paper. Our comprehensive evaluation studies involve diverse patch types, such as localized-noise, printable, visible, and adaptive adversarial patches. 

   more » « less
4. Role of Spatial Context in Adversarial Robustness for Object Detection

   Saha, Aniruddha (July 2020, Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops)

   The benefits of utilizing spatial context in fast object detection algorithms have been studied extensively. Detectors increase inference speed by doing a single forward pass per image which means they implicitly use contextual reasoning for their predictions. However, one can show that an adversary can design adversarial patches which do not overlap with any objects of interest in the scene and exploit con- textual reasoning to fool standard detectors. In this paper, we examine this problem and design category specific adversarial patches which make a widely used object detector like YOLO blind to an attacker chosen object category. We also show that limiting the use of spatial context during object detector training improves robustness to such adversaries. We believe the existence of context based adversarial attacks is concerning since the adversarial patch can affect predictions without being in vicinity of any objects of interest. Hence, defending against such attacks becomes challenging and we urge the research community to give attention to this vulnerability. 

   more » « less
5. Impact of Adversarial Patches on Object Detection with YOLOv7

   Hunt, Darrien; Boonthum-Denecke, Chutima; Mkpong-Ruffin, Idongesit (January 2023, The 2023 ADMI Symposium)

   With the increased use of machine learning models, there is a need to understand how machine learning models can be maliciously targeted. Understanding how these attacks are ‘enacted’ helps in being able to ‘harden’ models so that it is harder for attackers to evade detection. We want to better understand object detection, the underlying algorithms, different perturbation approaches that can be utilized to fool these models. To this end, we document our findings as a review of existing literature and open-source repositories related to Computer Vision and Object Detection. We also look at how Adversarial Patches impact object detection algorithms. Our objective was to replicate existing processes in order to reproduce results to further our research on adversarial patches. 

   more » « less