DeepAI AI Chat
Log In Sign Up

Transferable, Controllable, and Inconspicuous Adversarial Attacks on Person Re-identification With Deep Mis-Ranking

by   Hongjun Wang, et al.
Guangzhou University

The success of DNNs has driven the extensive applications of person re-identification (ReID) into a new era. However, whether ReID inherits the vulnerability of DNNs remains unexplored. To examine the robustness of ReID systems is rather important because the insecurity of ReID systems may cause severe losses, e.g., the criminals may use the adversarial perturbations to cheat the CCTV systems. In this work, we examine the insecurity of current best-performing ReID models by proposing a learning-to-mis-rank formulation to perturb the ranking of the system output. As the cross-dataset transferability is crucial in the ReID domain, we also perform a back-box attack by developing a novel multi-stage network architecture that pyramids the features of different levels to extract general and transferable features for the adversarial perturbations. Our method can control the number of malicious pixels by using differentiable multi-shot sampling. To guarantee the inconspicuousness of the attack, we also propose a new perception loss to achieve better visual quality. Extensive experiments on four of the largest ReID benchmarks (i.e., Market1501 [45], CUHK03 [18], DukeMTMC [33], and MSMT17 [40]) not only show the effectiveness of our method, but also provides directions of the future improvement in the robustness of ReID systems. For example, the accuracy of one of the best-performing ReID systems drops sharply from 91.8 shown in Fig. 1. The code is available at


page 1

page 3

page 8

page 9

page 10


Multi-Expert Adversarial Attack Detection in Person Re-identification Using Context Inconsistency

The success of deep neural networks (DNNs) haspromoted the widespread ap...

Universal Adversarial Perturbations Against Person Re-Identification

Person re-identification (re-ID) has made great progress and achieved hi...

Meta Generative Attack on Person Reidentification

Adversarial attacks have been recently investigated in person re-identif...

Diverse Generative Adversarial Perturbations on Attention Space for Transferable Adversarial Attacks

Adversarial attacks with improved transferability - the ability of an ad...

Robust Person Re-identification with Multi-Modal Joint Defence

The Person Re-identification (ReID) system based on metric learning has ...

Look Closer to Your Enemy: Learning to Attack via Teacher-student Mimicking

This paper aims to generate realistic attack samples of person re-identi...

Fashion-Guided Adversarial Attack on Person Segmentation

This paper presents the first adversarial example based method for attac...