Abstract
Adversarial attacks involve adding, small, often imperceptible, perturbationsto inputs with the goal of getting a machine learning model to misclassifyingthem. While many different adversarial attack strategies have been proposed onimage classification models, object detection pipelines have been much harderto break. In this paper, we propose a novel strategy to craft adversarialexamples by solving a constrained optimization problem using an adversarialgenerator network. Our approach is fast and scalable, requiring only a forwardpass through our trained generator network to craft an adversarial sample.Unlike in many attack strategies, we show that the same trained generator iscapable of attacking new images without explicitly optimizing on them. Weevaluate our attack on a trained Faster R-CNN face detector on the cropped300-W face dataset where we manage to reduce the number of detected faces to$0.5\%$ of all originally detected faces. In a different experiment, also on300-W, we demonstrate the robustness of our attack to a JPEG compression baseddefense typical JPEG compression level of $75\%$ reduces the effectiveness ofour attack from only $0.5\%$ of detected faces to a modest $5.0\%$.