Darknet: Adversarial attack on Detector

@AlexeyAB Hi,

I could detect the dog with these parameters. Can you explain more about this feature?

@zpmmehrdad

Can you explain more about this feature?

• Regular training - network during training changes their weights to required detect objects
• Adversarial attack - network during training changes initial image to required detect objects, so you can make this neural network detect the objects you need, and not detect unnecessary

I improved adversarial attack and training. Download the latest Darknet code.
Now use default settings.

this is a kind of transfer learning or fine tuning? won't it affect global performance (improving one class while degrading others) ?

@HagegeR This is a utility for this to fool the detector. It does't train the model, it train the image.
To train the model use this: https://github.com/AlexeyAB/darknet/issues/5117

@zpmmehrdad

Can you explain more about this feature?

• Regular training - network during training changes their weights to required detect objects
• Adversarial attack - network during training changes initial image to required detect objects, so you can make this neural network detect the objects you need, and not detect unnecessary

I improved adversarial attack and training. Download the latest Darknet code.
Now use default settings.

Should "to required detect objects" be "to detect required objects" ?
By adding some noise on the dog to make it look like a cat (to machine but not to human), then training the model to detect the modified dog , "so you can make this neural network detect the objects you need (dog)" , right?
Similar to this?

@sisrfeng Yes, but since we have access to the structure+weights of neural network (not just black-box), so we can do such attack more efficient (with less changes - like side effects of image-compression).
But we can also teach it to defend herself against such attacks.