Optimization Gradient Perception Adversarial Attack for Skeleton-Based Action Recognition
Skeleton-based action recognition models are widely used in the fields of autonomous driving,behavior monitoring and action analysis.Some studies have shown that these models are vulnerable to adversarial attacks,raising security and privacy concerns.Although existing attack methods can achieve high attack success rates under white-box setting,these methods require the attacker to obtain the full-knowledge of the model,which is difficult to achieve in real-world scenarios,and has weak transferability under black-box attacks.In order to solve this problem,the article proposed an optimization gradient perception adversarial attack for skeleton-based action recognition named NAG-PA.This method prioritized estimating the gradient in the next iteration in each iteration of gradient calculation,and accumulated gradients at the updated position.At the same time,the current position was corrected to avoid getting stuck in local optima,thereby improving the transferability of adversarial samples.More importantly,the method proposed in the article used perceptual loss to ensure that transferable attacks were imperceptible.Results on common used datasets and state-of-the-art skeletal action recognition models show that the method proposed in the article can significantly improve the transferability against adversarial attacks.
NETL
NSTL
万方数据
