-
Distributed Black-box Attack: Do Not Overestimate Black-box Attacks
Authors:
Han Wu,
Sareh Rowlands,
Johan Wahlstrom
Abstract:
Black-box adversarial attacks can fool image classifiers into misclassifying images without requiring access to model structure and weights. Recent studies have reported attack success rates of over 95% with less than 1,000 queries. The question then arises of whether black-box attacks have become a real threat against IoT devices that rely on cloud APIs to achieve image classification. To shed so…
▽ More
Black-box adversarial attacks can fool image classifiers into misclassifying images without requiring access to model structure and weights. Recent studies have reported attack success rates of over 95% with less than 1,000 queries. The question then arises of whether black-box attacks have become a real threat against IoT devices that rely on cloud APIs to achieve image classification. To shed some light on this, note that prior research has primarily focused on increasing the success rate and reducing the number of queries. However, another crucial factor for black-box attacks against cloud APIs is the time required to perform the attack. This paper applies black-box attacks directly to cloud APIs rather than to local models, thereby avoiding mistakes made in prior research that applied the perturbation before image encoding and pre-processing. Further, we exploit load balancing to enable distributed black-box attacks that can reduce the attack time by a factor of about five for both local search and gradient estimation methods.
△ Less
Submitted 5 July, 2024; v1 submitted 28 October, 2022;
originally announced October 2022.
-
Adversarial Detection: Attacking Object Detection in Real Time
Authors:
Han Wu,
Syed Yunas,
Sareh Rowlands,
Wenjie Ruan,
Johan Wahlstrom
Abstract:
Intelligent robots rely on object detection models to perceive the environment. Following advances in deep learning security it has been revealed that object detection models are vulnerable to adversarial attacks. However, prior research primarily focuses on attacking static images or offline videos. Therefore, it is still unclear if such attacks could jeopardize real-world robotic applications in…
▽ More
Intelligent robots rely on object detection models to perceive the environment. Following advances in deep learning security it has been revealed that object detection models are vulnerable to adversarial attacks. However, prior research primarily focuses on attacking static images or offline videos. Therefore, it is still unclear if such attacks could jeopardize real-world robotic applications in dynamic environments. This paper bridges this gap by presenting the first real-time online attack against object detection models. We devise three attacks that fabricate bounding boxes for nonexistent objects at desired locations. The attacks achieve a success rate of about 90% within about 20 iterations. The demo video is available at https://youtu.be/zJZ1aNlXsMU.
△ Less
Submitted 12 December, 2023; v1 submitted 5 September, 2022;
originally announced September 2022.
-
A Man-in-the-Middle Attack against Object Detection Systems
Authors:
Han Wu,
Sareh Rowlands,
Johan Wahlstrom
Abstract:
Object detection systems using deep learning models have become increasingly popular in robotics thanks to the rising power of CPUs and GPUs in embedded systems. However, these models are susceptible to adversarial attacks. While some attacks are limited by strict assumptions on access to the detection system, we propose a novel hardware attack inspired by Man-in-the-Middle attacks in cryptography…
▽ More
Object detection systems using deep learning models have become increasingly popular in robotics thanks to the rising power of CPUs and GPUs in embedded systems. However, these models are susceptible to adversarial attacks. While some attacks are limited by strict assumptions on access to the detection system, we propose a novel hardware attack inspired by Man-in-the-Middle attacks in cryptography. This attack generates an Universal Adversarial Perturbation (UAP) and then inject the perturbation between the USB camera and the detection system via a hardware attack. Besides, prior research is misled by an evaluation metric that measures the model accuracy rather than the attack performance. In combination with our proposed evaluation metrics, we significantly increases the strength of adversarial perturbations. These findings raise serious concerns for applications of deep learning models in safety-critical systems, such as autonomous driving.
△ Less
Submitted 21 August, 2023; v1 submitted 15 August, 2022;
originally announced August 2022.
-
Adversarial Driving: Attacking End-to-End Autonomous Driving
Authors:
Han Wu,
Syed Yunas,
Sareh Rowlands,
Wenjie Ruan,
Johan Wahlstrom
Abstract:
As research in deep neural networks advances, deep convolutional networks become promising for autonomous driving tasks. In particular, there is an emerging trend of employing end-to-end neural network models for autonomous driving. However, previous research has shown that deep neural network classifiers are vulnerable to adversarial attacks. While for regression tasks, the effect of adversarial…
▽ More
As research in deep neural networks advances, deep convolutional networks become promising for autonomous driving tasks. In particular, there is an emerging trend of employing end-to-end neural network models for autonomous driving. However, previous research has shown that deep neural network classifiers are vulnerable to adversarial attacks. While for regression tasks, the effect of adversarial attacks is not as well understood. In this research, we devise two white-box targeted attacks against end-to-end autonomous driving models. Our attacks manipulate the behavior of the autonomous driving system by perturbing the input image. In an average of 800 attacks with the same attack strength (epsilon=1), the image-specific and image-agnostic attack deviates the steering angle from the original output by 0.478 and 0.111, respectively, which is much stronger than random noises that only perturbs the steering angle by 0.002 (The steering angle ranges from [-1, 1]). Both attacks can be initiated in real-time on CPUs without employing GPUs. Demo video: https://youtu.be/I0i8uN2oOP0.
△ Less
Submitted 12 December, 2023; v1 submitted 16 March, 2021;
originally announced March 2021.
-
Fifteen Years of Progress at Zero Velocity: A Review
Authors:
Johan Wahlström,
Isaac Skog
Abstract:
Fifteen years have passed since the publication of Foxlin's seminal paper "Pedestrian tracking with shoe-mounted inertial sensors". In addition to popularizing the zero-velocity update, Foxlin also hinted that the optimal parameter tuning of the zero-velocity detector is dependent on, for example, the user's gait speed. As demonstrated by the recent influx of related studies, the question of how t…
▽ More
Fifteen years have passed since the publication of Foxlin's seminal paper "Pedestrian tracking with shoe-mounted inertial sensors". In addition to popularizing the zero-velocity update, Foxlin also hinted that the optimal parameter tuning of the zero-velocity detector is dependent on, for example, the user's gait speed. As demonstrated by the recent influx of related studies, the question of how to properly design a robust zero-velocity detector is still an open research question. In this review, we first recount the history of foot-mounted inertial navigation and characterize the main sources of error, thereby motivating the need for a robust solution. Following this, we systematically analyze current approaches to robust zero-velocity detection, while categorizing public code and data. The article concludes with a discussion on commercialization along with guidance for future research.
△ Less
Submitted 20 August, 2020;
originally announced August 2020.
-
FootSLAM meets Adaptive Thresholding
Authors:
Johan Wahlstrom,
Andrew Markham,
Niki Trigoni
Abstract:
Calibration of the zero-velocity detection threshold is an essential prerequisite for zero-velocity-aided inertial navigation. However, the literature is lacking a self-contained calibration method, suitable for large-scale use in unprepared environments without map information or pre-deployed infrastructure. In this paper, the calibration of the zero-velocity detection threshold is formulated as…
▽ More
Calibration of the zero-velocity detection threshold is an essential prerequisite for zero-velocity-aided inertial navigation. However, the literature is lacking a self-contained calibration method, suitable for large-scale use in unprepared environments without map information or pre-deployed infrastructure. In this paper, the calibration of the zero-velocity detection threshold is formulated as a maximum likelihood problem. The likelihood function is approximated using estimation quantities readily available from the FootSLAM algorithm. Thus, we obtain a method for adaptive thresholding that does not require map information, measurements from supplementary sensors, or user input. Experimental evaluations are conducted using data with different gait speeds, sensor placements, and walking trajectories. The proposed calibration method is shown to outperform fixed-threshold zero-velocity detectors and a benchmark using a speed-based threshold classifier.
△ Less
Submitted 26 March, 2020; v1 submitted 1 November, 2019;
originally announced November 2019.
-
Sensor Fusion for Magneto-Inductive Navigation
Authors:
Johan Wahlström,
Manon Kok,
Pedro Porto Buarque de Gusmao,
Traian E. Abrudan,
Niki Trigoni,
Andrew Markham
Abstract:
Magneto-inductive navigation is an inexpensive and easily deployable solution to many of today's navigation problems. By utilizing very low frequency magnetic fields, magneto-inductive technology circumvents the problems with attenuation and multipath that often plague competing modalities. Using triaxial transmitter and receiver coils, it is possible to compute position and orientation estimates…
▽ More
Magneto-inductive navigation is an inexpensive and easily deployable solution to many of today's navigation problems. By utilizing very low frequency magnetic fields, magneto-inductive technology circumvents the problems with attenuation and multipath that often plague competing modalities. Using triaxial transmitter and receiver coils, it is possible to compute position and orientation estimates in three dimensions. However, in many situations, additional information is available that constrains the set of possible solutions. For example, the receiver may be known to be coplanar with the transmitter, or orientation information may be available from inertial sensors. We employ a maximum a posteriori estimator to fuse magneto-inductive signals with such complementary information. Further, we derive the Cramer-Rao bound for the position estimates and investigate the problem of detecting distortions caused by ferrous material. The performance of the estimator is compared to the Cramer-Rao bound and a state-of-the-art estimator using both simulations and real-world data. By fusing magneto-inductive signals with accelerometer measurements, the median position error is reduced almost by a factor of two.
△ Less
Submitted 18 September, 2019;
originally announced September 2019.
-
DeepTIO: A Deep Thermal-Inertial Odometry with Visual Hallucination
Authors:
Muhamad Risqi U. Saputra,
Pedro P. B. de Gusmao,
Chris Xiaoxuan Lu,
Yasin Almalioglu,
Stefano Rosa,
Changhao Chen,
Johan Wahlström,
Wei Wang,
Andrew Markham,
Niki Trigoni
Abstract:
Visual odometry shows excellent performance in a wide range of environments. However, in visually-denied scenarios (e.g. heavy smoke or darkness), pose estimates degrade or even fail. Thermal cameras are commonly used for perception and inspection when the environment has low visibility. However, their use in odometry estimation is hampered by the lack of robust visual features. In part, this is a…
▽ More
Visual odometry shows excellent performance in a wide range of environments. However, in visually-denied scenarios (e.g. heavy smoke or darkness), pose estimates degrade or even fail. Thermal cameras are commonly used for perception and inspection when the environment has low visibility. However, their use in odometry estimation is hampered by the lack of robust visual features. In part, this is as a result of the sensor measuring the ambient temperature profile rather than scene appearance and geometry. To overcome this issue, we propose a Deep Neural Network model for thermal-inertial odometry (DeepTIO) by incorporating a visual hallucination network to provide the thermal network with complementary information. The hallucination network is taught to predict fake visual features from thermal images by using Huber loss. We also employ selective fusion to attentively fuse the features from three different modalities, i.e thermal, hallucination, and inertial features. Extensive experiments are performed in hand-held and mobile robot data in benign and smoke-filled environments, showing the efficacy of the proposed model.
△ Less
Submitted 19 January, 2020; v1 submitted 16 September, 2019;
originally announced September 2019.
-
Zero-Velocity Detection - A Bayesian Approach to Adaptive Thresholding
Authors:
Johan Wahlström,
Isaac Skog,
Fredrik Gustafsson,
Andrew Markham,
Niki Trigoni
Abstract:
A Bayesian zero-velocity detector for foot-mounted inertial navigation systems is presented. The detector extends existing zero-velocity detectors based on the likelihood-ratio test, and allows, possibly time-dependent, prior information about the two hypotheses - the sensors being stationary or in motion - to be incorporated into the test. It is also possible to incorporate information about the…
▽ More
A Bayesian zero-velocity detector for foot-mounted inertial navigation systems is presented. The detector extends existing zero-velocity detectors based on the likelihood-ratio test, and allows, possibly time-dependent, prior information about the two hypotheses - the sensors being stationary or in motion - to be incorporated into the test. It is also possible to incorporate information about the cost of a missed detection or a false alarm. Specifically, we consider an hypothesis prior based on the velocity estimates provided by the navigation system and an exponential model for how the cost of a missed detection increases with the time since the last zero-velocity update. Thereby, we obtain a detection threshold that adapts to the motion characteristics of the user. Thus, the proposed detection framework efficiently solves one of the key challenges in current zero-velocity-aided inertial navigation systems: the tuning of the zero-velocity detection threshold. A performance evaluation on data with normal and fast gait demonstrates that the proposed detection framework outperforms any detector that chooses two separate fixed thresholds for the two gait speeds.
△ Less
Submitted 13 May, 2019; v1 submitted 19 March, 2019;
originally announced March 2019.
-
Map-aided Dead-reckoning --- A Study on Locational Privacy in Insurance Telematics
Authors:
Johan Wahlström,
Isaac Skog,
João G. P. Rodrigues,
Peter Händel,
Ana Aguiar
Abstract:
We present a particle-based framework for estimating the position of a vehicle using map information and measurements of speed. Two measurement functions are considered. The first is based on the assumption that the lateral force on the vehicle does not exceed critical limits derived from physical constraints. The second is based on the assumption that the driver approaches a target speed derived…
▽ More
We present a particle-based framework for estimating the position of a vehicle using map information and measurements of speed. Two measurement functions are considered. The first is based on the assumption that the lateral force on the vehicle does not exceed critical limits derived from physical constraints. The second is based on the assumption that the driver approaches a target speed derived from the speed limits along the upcoming trajectory. Performance evaluations of the proposed method indicate that end destinations often can be estimated with an accuracy in the order of $100\,[m]$. These results expose the sensitivity and commercial value of data collected in many of today's insurance telematics programs, and thereby have privacy implications for millions of policyholders. We end by discussing the strengths and weaknesses of different methods for anonymization and privacy preservation in telematics programs.
△ Less
Submitted 14 November, 2016;
originally announced November 2016.
-
The $β$-model for Random Graphs --- Regression, Cramér-Rao Bounds, and Hypothesis Testing
Authors:
Johan Wahlström,
Isaac Skog,
Patricio S. La Rosa,
Peter Händel,
Arye Nehorai
Abstract:
We develop a maximum-likelihood based method for regression in a setting where the dependent variable is a random graph and covariates are available on a graph-level. The model generalizes the well-known $β$-model for random graphs by replacing the constant model parameters with regression functions. Cramér-Rao bounds are derived for the undirected $β$-model, the directed $β$-model, and the genera…
▽ More
We develop a maximum-likelihood based method for regression in a setting where the dependent variable is a random graph and covariates are available on a graph-level. The model generalizes the well-known $β$-model for random graphs by replacing the constant model parameters with regression functions. Cramér-Rao bounds are derived for the undirected $β$-model, the directed $β$-model, and the generalized $β$-model. The corresponding maximum likelihood estimators are compared to the bounds by means of simulations. Moreover, examples are given on how to use the presented maximum likelihood estimators to test for directionality and significance. Last, the applicability of the model is demonstrated using dynamic social network data describing communication among healthcare workers.
△ Less
Submitted 14 November, 2016;
originally announced November 2016.
-
Smartphone-based Vehicle Telematics - A Ten-Year Anniversary
Authors:
Johan Wahlström,
Isaac Skog,
Peter Händel
Abstract:
Just like it has irrevocably reshaped social life, the fast growth of smartphone ownership is now beginning to revolutionize the driving experience and change how we think about automotive insurance, vehicle safety systems, and traffic research. This paper summarizes the first ten years of research in smartphone-based vehicle telematics, with a focus on user-friendly implementations and the challe…
▽ More
Just like it has irrevocably reshaped social life, the fast growth of smartphone ownership is now beginning to revolutionize the driving experience and change how we think about automotive insurance, vehicle safety systems, and traffic research. This paper summarizes the first ten years of research in smartphone-based vehicle telematics, with a focus on user-friendly implementations and the challenges that arise due to the mobility of the smartphone. Notable academic and industrial projects are reviewed, and system aspects related to sensors, energy consumption, cloud computing, vehicular ad hoc networks, and human-machine interfaces are examined. Moreover, we highlight the differences between traditional and smartphonebased automotive navigation, and survey the state-of-the-art in smartphone-based transportation mode classification, driver classification, and road condition monitoring. Future advances are expected to be driven by improvements in sensor technology, evidence of the societal benefits of current implementations, and the establishment of industry standards for sensor fusion and driver assessment
△ Less
Submitted 11 November, 2016;
originally announced November 2016.