With the development of adversarial attacks, the performance of object detection based on deep learning is threatened. When adversarial examples are introduced into the detection task, the detector will suffer from poor detection performance, causing a large number of false detections. To handle this problem, we propose a defense method by combing bilateral filtering and the denoising autoencoder. Taking the you only look once (YOLO) v4 detection model as the research target, the proposed method proceeds as follows. First, it performs weighted average in the spatial domain and the pixel-range domain. The method retains important edge texture information when it reduces the perturbations in the image. Then, a three-layer denoising reduction autoencoder is designed, and a new optimization algorithm is proposed to minimize the distance between the input and output. Finally, experiments show that the method proposed has a better defense effect than the existing defense methods. When facing the projected gradient descent-based object detection bounding box disappearance adversarial attack, our defense method can improve the detection true-box rate indicator to 83.04% on the visual object classes challenge (VOC) dataset and 72.20% on the common objects in context (COCO) data. The number of bounding boxes correctly detected is 88.09% and 86.09% of the original one on the PASCAL VOC dataset and the Microsoft COCO dataset, respectively. |
ACCESS THE FULL ARTICLE
No SPIE Account? Create one
Defense and security
Denoising
Image filtering
Image processing
Detection and tracking algorithms
Target detection
Digital filtering