
A Novel Lightweight Defense Method Against Adversarial Patches-Based Attacks on Automated Vehicle Make and Model Recognition Systems

Journal of Network and Systems Management

Abstract

In smart cities, connected and automated surveillance systems play an essential role in ensuring the safety and security of life, property, critical infrastructures and cyber-physical systems. The recent trend in such surveillance systems has been to adopt advanced deep learning models, such as convolutional neural networks, for detection, monitoring or tracking tasks. In this paper, we focus on the security of an automated surveillance system that is responsible for vehicle make and model recognition (VMMR). We introduce an adversarial attack against such VMMR systems through adversarially learnt patches. We demonstrate the effectiveness of the developed adversarial patches against VMMR through experimental evaluations on a real-world vehicle surveillance dataset. The developed adversarial patches achieve reductions of up to \(48\%\) in VMMR recall scores. In addition, we propose a lightweight defense method called SIHFR (Symmetric Image-Half Flip and Replace) to eliminate the effect of adversarial patches on VMMR performance. Through experimental evaluations, we investigate the robustness of the proposed defense method under varying patch placement strategies and patch sizes. The proposed defense method adds a minimal overhead of less than 2 ms per image (on average) and succeeds in enhancing VMMR performance by up to \(69.28\%\). We hope that this work will guide future studies in developing smart city VMMR surveillance systems that are robust to cyber-physical attacks based on adversarially learnt patches.



Acknowledgement

This study was partially funded by Canada Research Chairs Program and Natural Sciences and Engineering Research Council of Canada (NSERC)'s CREATE TRANSIT Program.

Author information

Corresponding author

Correspondence to Abdul Jabbar Siddiqui.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.


About this article

Cite this article

Siddiqui, A.J., Boukerche, A. A Novel Lightweight Defense Method Against Adversarial Patches-Based Attacks on Automated Vehicle Make and Model Recognition Systems. J Netw Syst Manage 29, 41 (2021). https://doi.org/10.1007/s10922-021-09608-6

  • DOI: https://doi.org/10.1007/s10922-021-09608-6
