Powered by OpenAIRE graph
Found an issue? Give us feedback
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/ arXiv.org e-Print Ar...arrow_drop_down
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
arXiv.org e-Print Archive
Preprint . 2022
Data sources: arXiv.org e-Print Archive
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
University of Bath's research portal
Article . 2024
Data sources: University of Bath's research portal
image/svg+xml Jakob Voss, based on art designer at PLoS, modified by Wikipedia users Nina and Beao Closed Access logo, derived from PLoS Open Access logo. This version with transparent background. http://commons.wikimedia.org/wiki/File:Closed_Access_logo_transparent.svg Jakob Voss, based on art designer at PLoS, modified by Wikipedia users Nina and Beao
UCL Discovery
Article . 2024
Data sources: UCL Discovery
image/svg+xml Jakob Voss, based on art designer at PLoS, modified by Wikipedia users Nina and Beao Closed Access logo, derived from PLoS Open Access logo. This version with transparent background. http://commons.wikimedia.org/wiki/File:Closed_Access_logo_transparent.svg Jakob Voss, based on art designer at PLoS, modified by Wikipedia users Nina and Beao
Pattern Recognition
Article . 2024 . Peer-reviewed
License: Elsevier TDM
Data sources: Crossref
https://dx.doi.org/10.48550/ar...
Article . 2022
License: arXiv Non-Exclusive Distribution
Data sources: Datacite
Pattern Recognition
Article . 2024 . Peer-reviewed
Data sources: European Union Open Data Portal
http://dx.doi.org/10.1016/j.pa...
Article
License: Elsevier TDM
Data sources: Sygma
 View all 7 versions
Claim

This Research product is the result of merged Research products in OpenAIRE.

You have already added 0 works in your ORCID record related to the merged Research product.

Understanding the vulnerability of skeleton-based Human Activity Recognition via black-box attack

descriptionPublicationkeyboard_double_arrow_right Article , Preprint 01 Sep 2024Embargo end date: 01 Jan 2022 English Publisher:Elsevier BVJournal:Pattern Recognition, volume 153, page 110,564 (issn: 0031-3203, Copyright policy )Funded by:UKRI | Humanlike physics underst..., UKRI | Centre for the Analysis o..., EC | CrowdDNA
Authors: Diao, Yunfeng; Wang, He; Shao, Tianjia; Yang, Yongliang; Zhou, Kun; Hogg, David; Wang, Meng;

doi: 10.1016/j.patcog.2024.110564 , 10.48550/arxiv.2211.11312

arXiv: 2211.11312

Understanding the vulnerability of skeleton-based Human Activity Recognition via black-box attack

Abstract

Human Activity Recognition (HAR) has been employed in a wide range of applications, e.g. self-driving cars, where safety and lives are at stake. Recently, the robustness of skeleton-based HAR methods have been questioned due to their vulnerability to adversarial attacks. However, the proposed attacks require the full-knowledge of the attacked classifier, which is overly restrictive. In this paper, we show such threats indeed exist, even when the attacker only has access to the input/output of the model. To this end, we propose the very first black-box adversarial attack approach in skeleton-based HAR called BASAR. BASAR explores the interplay between the classification boundary and the natural motion manifold. To our best knowledge, this is the first time data manifold is introduced in adversarial attacks on time series. Via BASAR, we find on-manifold adversarial samples are extremely deceitful and rather common in skeletal motions, in contrast to the common belief that adversarial samples only exist off-manifold. Through exhaustive evaluation, we show that BASAR can deliver successful attacks across classifiers, datasets, and attack modes. By attack, BASAR helps identify the potential causes of the model vulnerability and provides insights on possible improvements. Finally, to mitigate the newly identified threat, we propose a new adversarial training approach by leveraging the sophisticated distributions of on/off-manifold adversarial samples, called mixed manifold-based adversarial training (MMAT). MMAT can successfully help defend against adversarial attacks without compromising classification accuracy.

Accepted in Pattern Recognition. arXiv admin note: substantial text overlap with arXiv:2103.05266

Related Organizations
Keywords

/dk/atira/pure/subjectarea/asjc/1700/1702; name=Artificial Intelligence, FOS: Computer and information sciences, Adversarial robustness, Computer Vision and Pattern Recognition (cs.CV), Computer Science - Computer Vision and Pattern Recognition, skeletal action recognition, Skeletal action recognition, /dk/atira/pure/subjectarea/asjc/1700/1707; name=Computer Vision and Pattern Recognition, Black-box attack, On-manifold adversarial samples, /dk/atira/pure/subjectarea/asjc/1700/1711; name=Signal Processing, adversarial robustness, on-manifold adversarial samples, /dk/atira/pure/subjectarea/asjc/1700/1712; name=Software

  • BIP!
    Impact byBIP!
    selected citations
    These citations are derived from selected sources.
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 7
    popularity
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    		 Top 10%
    influence
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 Top 10%
    impulse
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
    		 Top 10%
Powered by OpenAIRE graph
Found an issue? Give us feedback
selected citations
These citations are derived from selected sources.
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Citations provided by BIP!
popularity
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
BIP!Popularity provided by BIP!
influence
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Influence provided by BIP!
impulse
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
BIP!Impulse provided by BIP!
7
Top 10%
Top 10%
Top 10%
Green