An Adversarial Detection Method Based on Tracking Performance Difference of Frequency Bands

Zhou Ze; Sun Yinghui; Sun Quansen; Shen Xiaobo; Zheng Yuhui

doi:10.7544/issn1000-1239.202440428

Journal of Computer Research and Development > 2025 > Accepted Manuscript > DOI: 10.7544/issn1000-1239.202440428 CSTR: 32373.14.issn1000-1239.202440428

Zhou Ze, Sun Yinghui, Sun Quansen, Shen Xiaobo, Zheng Yuhui. An Adversarial Detection Method Based on Tracking Performance Difference of Frequency Bands[J]. Journal of Computer Research and Development. DOI: 10.7544/issn1000-1239.202440428

Citation:

PDF (3071 KB)

An Adversarial Detection Method Based on Tracking Performance Difference of Frequency Bands

1.
School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094
2.
School of Computer Science and Engineering, Southeast University, Nanjing 210096
3.
School of Artificial Intelligence, Nanjing University of Information Science and Technology, Nanjing 210044

Funds: This work was supported by the National Natural Science Foundation of China (62372235, 62406069, 62472226), the Jiangsu Natural Science Foundation Excellent Youth Fund (BK20230095), and the China Postdoctoral Science Foundation (2024M750425).

More Information

Author Bio:
Zhou Ze: born in 1995. PhD candidate. Member of CCF. His main research interests include computer vision, visual tracking, and adversarial learning

Sun Yinghui: born in 1992. PhD candidate. Her main research interests include machine learning and multi-view learning

Sun Quansen: born in 1963. PhD. Professor. Member of CCF. His main research interests include pattern recognition, machine learning, and image processing

Shen Xiaobo: born in 1989. PhD. Professor. Member of CCF. His main research interests include machine learning and pattern recognition

Zheng Yuhui: born in 1982. PhD. Professor. Member of CCF. His main research interests include computer vision, artificial intelligence, and data analysis
Received Date: March 15, 2016
Revised Date: April 25, 2016
Accepted Date: January 08, 2025
Available Online: January 08, 2025

Graphical Abstract

Abstract

Abstract

Given the risk of adversarial attacks on tracking models and the lack of relevant adversarial detection methods, this paper addresses the problem from the perspective of frequency domain. Combined with the visual invisible property of perturbation noise, this paper first theoretically proves that perturbation noise mainly exists in the mid-to-high frequency bands of images. Then we quantitatively analyze that the low-frequency components of the video sequence contribute the most to tracking performance and are least affected by adversarial attacks. Finally, based on the above theoretical proof and qualitative analysis, this paper proposes a detection framework based on the tracking performance difference of frequency bands, in which the frequency domain decomposition module for extracting the low-frequency components of the video sequence. The target tracker and its mirror tracker with the same structure and parameters respectively take the full-frequency and low-frequency components of the video sequence as input. The discriminator module determines whether the input video sequence is an adversarial input by comparing the output differences of the two trackers. This detection framework uses a tracker as a carrier and does not require adversarial training. It can achieve adversarial detection only by comparing the tracking performance difference across different frequency bands. Extensive experimental results show that the detection framework can not only effectively detect current mainstream adversarial attacks, such as CSA, TTP, and Spark with a detection precision of 97.55%, but also has little negative impact on the original tracking performance of the tracker. In addition, this framework is generalizable and can be flexibly integrated into multiple trackers, such as SiamRPNpp, SiamMask, SiamCAR, and SiamBAN.
- object tracking,
- adversarial attacks,
- adversarial detection,
- frequency domain decomposition,
- performance difference

FullText(HTML)

References (33)

References

[1]	Kurakin A, Goodfellow I J, Bengio S. Adversarial examples in the physical world [J]. arXiv preprint, arXiv: 1607.02533, 2016
[2]	Szegedy C, Zaremba W, Sutskever I, et al. Intriguing properties of neural networks [J]. arXiv preprint, arXiv: 1312.6199, 2014
[3]	张万里,陈越,杨奎武,等. 一种局部遮挡人脸识别的对抗样本生成方法[J],计算机研究与发展,2023,60(9):2067−2079 Zhang Wanli, Chen Yue, Yang Kuiwu, et al. An adversarial example generation method for locally occluded face recognition [J]. Journal of Computer Research and Development, 2023, 60(9): 2067−2079(in Chinese)
[4]	Yan Bin, Wang Dong, Lu Huchuan, et al. Cooling-shrinking attack: Blinding the tracker with imperceptible noises [C] //Proc of the 33rd IEEE/CVF Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2020: 990−999
[5]	Nakka K K, Salzmann M. Universal, transferable adversarial perturbations for visual object trackers [C] //Proc of the 17th European Conf on Computer Vision Workshops. Berlin: Springer, 2022: 413−429
[6]	Hou Ruitao, Ai Shan, Chen Qi, et al. Similarity-based integrity protection for deep learning systems[J]. Information Sciences, 2022, 601: 255−267 doi: 10.1016/j.ins.2022.04.003
[7]	Goel A, Moulin P. Fast locally optimal detection of targeted universal adversarial perturbations[J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 1757−1770 doi: 10.1109/TIFS.2022.3169922
[8]	Lust J, Condurache A P. Efficient detection of adversarial, out-of-distribution and other misclassified samples[J]. Neurocomputing, 2022, 470: 335−343 doi: 10.1016/j.neucom.2021.05.102
[9]	Moitra A, Panda P. Detectx-adversarial input detection using current signatures in memristive xbar arrays[J]. IEEE Transactions on Circuits and Systems I: Regular Papers, 2021, 68(11): 4482−4494 doi: 10.1109/TCSI.2021.3110487
[10]	Luo Wenjia, Wu Chenwang, Ni Li, et al. Detecting adversarial examples by positive and negative representations[J]. Applied Soft Computing, 2022, 117: 108383 doi: 10.1016/j.asoc.2021.108383
[11]	Jiang Wei, He Zhiyuan, Zhan Jinyu, et al. Attack-aware detection and defense to resist adversarial examples[J]. IEEE Transactions on Computer- Aided Design of Integrated Circuits and Systems, 2020, 40(10): 2194−2198
[12]	Qin Chuan, Chen Yuefeng, Chen Kejiang, et al. Feature fusion based adversarial example detection against second-round adversarial attacks[J]. IEEE Transactions on Artificial Intelligence, 2023, 4(5): 1029−1040 doi: 10.1109/TAI.2022.3190816
[13]	Qing Yuanyuan, Bai Tao, Liu Zhuotao, et al. Detection of adversarial attacks via disentangling natural images and perturbations[J]. IEEE Transactions on Information Forensics and Security, 2024, 19: 2814−2825 doi: 10.1109/TIFS.2024.3352837
[14]	Wiyatno R, Xu Anqi. Physical adversarial textures that fool visual object tracking [C] //Proc of the 16th IEEE/CVF Int Conf on Computer Vision. Piscataway, NJ: IEEE, 2019: 4821−4830
[15]	Guo Qing, Xie Xiaofei, Ma Lei, et al. Spark: Spatial-aware online incremental attack against visual tracking [C] //Proc of the 15th European Conf on Computer Vision. Berlin: Springer, 2020: 202−219
[16]	Chen Xuesong, Yan Xiyu, Zheng Feng, et al. One-shot adversarial attacks on visual tracking with dual attention [C] //Proc of the 33rd IEEE/CVF Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2020: 10176−10185
[17]	Zhou Ze, Sun Yinghui, Sun Quansen, et al. Only once attack: Fooling the tracker with adversarial template[J]. IEEE Transactions on Circuits and Systems for Video Technology, 2023, 33(7): 3171−3184
[18]	Li Zhenbang, Shi Yaya, Gao Jin, et al. A simple and strong baseline for universal targeted attacks on Siamese visual tracking[J]. IEEE Transactions on Circuits and Systems for Video Technology, 2021, 32(6): 3880−3894
[19]	Zhou Ze, Sun Yinghui, Sun Quansen, et al. Attacking the tracker with a universal and attractive patch as fake target[J]. Information Sciences, 2023, 650: 119677 doi: 10.1016/j.ins.2023.119677
[20]	Chen Xuesong, Fu Canmiao, Zheng Feng, et al. A unified multi-scenario attacking network for visual object tracking [C] //Proc of the 35th AAAI Conf on Artificial Intelligence. Palo Alto, CA: AAAI, 2021: 1097−1104
[21]	Jia Shuai, Song Yibing, Ma Chao, et al. Iou attack: Towards temporally coherent black-box adversarial attack for visual object tracking [C] //Proc of the 34th IEEE/CVF Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2021: 6709−6718
[22]	Liang Siyuan, Wei Xingxing, Yao Siyuan, et al. Efficient adversarial attacks for visual object tracking [C] //Proc of the 16th European Conf on Computer Vision. Berlin: Springer, 2020: 34−50
[23]	Guo Qing, Cheng Ziyi, Xu Juefei, et al. Learning to adversarially blur visual object tracking [C] //Proc of the 17th IEEE/CVF Int Conf on Computer Vision. Piscataway, NJ: IEEE, 2021: 10839−10848
[24]	Zhao Shaochuan, Xu Tianyang, Wu Xiaojun, et al. Pluggable attack for visual object tracking[J]. IEEE Transactions on Information Forensics and Security, 2024, 19: 1227−1240 doi: 10.1109/TIFS.2023.3331899
[25]	Li Bo, Wu Wei, Wang Qiang, et al. Siamrpn++: Evolution of siamese visual tracking with very deep networks [C] //Proc of the 17th IEEE/CVF Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2019: 4282−4291
[26]	Ren Shaoqing, He Kaiming, Girshick R, et al. Faster r-cnn: Towards real-time object detection with region proposal networks[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2017, 39(6): 1137−1149 doi: 10.1109/TPAMI.2016.2577031
[27]	Wu Yi, Lim J, Yang M. Object tracking benchmark[J]. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2015, 37(9): 1834−1848 doi: 10.1109/TPAMI.2014.2388226
[28]	Mueller M, Smith N, Ghanem B. A benchmark and simulator for uav tracking [C] //Proc of the 14th European Conf on Computer Vision. Berlin: Springer, 2016: 445−461
[29]	Fan Heng, Lin Liting, Yang Fan, et al. Lasot: A high-quality benchmark for large-scale single object tracking [C] //Proc of the 32nd IEEE/CVF Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2019: 5374−5383
[30]	Wang Qiang, Zhang Li, Bertinetto L, et al. Fast online object tracking and segmentation: A unifying approach [C] //Proc of the 32nd IEEE/CVF Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2019: 1328−1338
[31]	Li Bo, Yan Junjie, Wu Wei, et al. High performance visual tracking with Siamese region proposal network [C] //Proc of the 31st IEEE/CVF Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2018: 8971−8980
[32]	Guo Dongyan, Wang Jun, Cui Ying, et al. SiamCAR: Siamese fully convolutional classification and regression for visual tracking [C] //Proc of the 33rd IEEE/CVF Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2020: 6268−6276
[33]	Chen Zedu, Zhong Bineng, Li Guorong, et al. Siamese box adaptive network for visual tracking [C] //Proc of the 33rd IEEE/CVF Conf on Computer Vision and Pattern Recognition. Piscataway, NJ: IEEE, 2020: 6667−6676

[1]	Li Junwei, Liu Quan, Huang Zhigang, Xu Yapeng. A Diversity-Enriched Option-Critic Algorithm with Interest Functions[J]. Journal of Computer Research and Development, 2024, 61(12): 3108-3120. DOI: 10.7544/issn1000-1239.202220970
[2]	Zhao Rongmei, Sun Siyu, Yan Fanli, Peng Jian, Ju Shenggen. Multi-Interest Aware Sequential Recommender System Based on Contrastive Learning[J]. Journal of Computer Research and Development, 2024, 61(7): 1730-1740. DOI: 10.7544/issn1000-1239.202330622
[3]	Zhu Haiping, Wang Ziyu, Zhao Chengcheng, Chen Yan, Liu Jun, Tian Feng. Learning Resource Recommendation Method Based on Spatio-Temporal Multi-Granularity Interest Modeling[J]. Journal of Computer Research and Development. DOI: 10.7544/issn1000-1239.202440249
[4]	Liu Haijiao, Ma Huifang, Zhao Qiqi, Li Zhixin. Target Community Detection with User Interest Preferences and Influence[J]. Journal of Computer Research and Development, 2021, 58(1): 70-82. DOI: 10.7544/issn1000-1239.2021.20190775
[5]	Guo Kaihong, Han Hailong. Personalized Recommendation Model Based on Quantifier Induced by Preference[J]. Journal of Computer Research and Development, 2020, 57(1): 124-135. DOI: 10.7544/issn1000-1239.2020.20190166
[6]	Gao Ling, Gao Quanli, Wang Hai, Wang Wei, Yang Kang. A Preference Prediction Method Based on the Optimization of Basic Similarity Space Distribution[J]. Journal of Computer Research and Development, 2018, 55(5): 977-985. DOI: 10.7544/issn1000-1239.2018.20160924
[7]	Guo Chi, Wang Lina, Guan Yiping, Zhang Xiaoying. A Network Immunization Strategy Based on Dynamic Preference Scan[J]. Journal of Computer Research and Development, 2012, 49(4): 717-724.
[8]	Zou Bowei, Zhang Yu, Fan Jili, Zheng Wei, and Liu Ting. Research on Personalized Information Retrieval Based on User’s New Interest Detection[J]. Journal of Computer Research and Development, 2009, 46(9): 1594-1600.
[9]	Wang Zhenzhen, Xing Hancheng, and Chen Hanwu. On a Preference System of Agent and Its Construction[J]. Journal of Computer Research and Development, 2009, 46(2): 253-260.
[10]	Wu Jing, Zhang Pin, Luo Xin, Sheng Hao, and Xiong Zhang. Mining Interests and Navigation Patterns in Personalization on Portal[J]. Journal of Computer Research and Development, 2007, 44(8): 1284-1292.