국립중앙도서관 "우편 복사 서비스"로 연결 됩니다.
Deep learning frameworks on embedded devices are now the backbone of time sensitive systems such as autonomous cars, traffic management, and surveillance. Here, where milliseconds matter, ensuring models are secure and that resource constraint edge de...
다국어 입력
あ
ぁ
か
が
さ
ざ
た
だ
な
は
ば
ぱ
ま
や
ゃ
ら
わ
ゎ
ん
い
ぃ
き
ぎ
し
じ
ち
ぢ
に
ひ
び
ぴ
み
り
う
ぅ
く
ぐ
す
ず
つ
づ
っ
ぬ
ふ
ぶ
ぷ
む
ゆ
ゅ
る
え
ぇ
け
げ
せ
ぜ
て
で
ね
へ
べ
ぺ
め
れ
お
ぉ
こ
ご
そ
ぞ
と
ど
の
ほ
ぼ
ぽ
も
よ
ょ
ろ
を
ア
ァ
カ
サ
ザ
タ
ダ
ナ
ハ
バ
パ
マ
ヤ
ャ
ラ
ワ
ヮ
ン
イ
ィ
キ
ギ
シ
ジ
チ
ヂ
ニ
ヒ
ビ
ピ
ミ
リ
ウ
ゥ
ク
グ
ス
ズ
ツ
ヅ
ッ
ヌ
フ
ブ
プ
ム
ユ
ュ
ル
エ
ェ
ケ
ゲ
セ
ゼ
テ
デ
ヘ
ベ
ペ
メ
レ
オ
ォ
コ
ゴ
ソ
ゾ
ト
ド
ノ
ホ
ボ
ポ
モ
ヨ
ョ
ロ
ヲ
―
http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.
변환된 중국어를 복사하여 사용하시면 됩니다.
예시)
- 中文 을 입력하시려면 zhongwen을 입력하시고 space를누르시면됩니다.
- 北京 을 입력하시려면 beijing을 입력하시고 space를 누르시면 됩니다.
А
Б
В
Г
Д
Е
Ё
Ж
З
И
Й
К
Л
М
Н
О
П
Р
С
Т
У
Ф
Х
Ц
Ч
Ш
Щ
Ъ
Ы
Ь
Э
Ю
Я
а
б
в
г
д
е
ё
ж
з
и
й
к
л
м
н
о
п
р
с
т
у
ф
х
ц
ч
ш
щ
ъ
ы
ь
э
ю
я
′
″
℃
Å
¢
£
¥
¤
℉
‰
$
%
F
₩
㎕
㎖
㎗
ℓ
㎘
㏄
㎣
㎤
㎥
㎦
㎙
㎚
㎛
㎜
㎝
㎞
㎟
㎠
㎡
㎢
㏊
㎍
㎎
㎏
㏏
㎈
㎉
㏈
㎧
㎨
㎰
㎱
㎲
㎳
㎴
㎵
㎶
㎷
㎸
㎹
㎀
㎁
㎂
㎃
㎄
㎺
㎻
㎽
㎾
㎿
㎐
㎑
㎒
㎓
㎔
Ω
㏀
㏁
㎊
㎋
㎌
㏖
㏅
㎭
㎮
㎯
㏛
㎩
㎪
㎫
㎬
㏝
㏐
㏓
㏃
㏉
㏜
㏆
RISS 인기검색어
Advancing Robust Object Detection: A Study on Adversarial Attacks for Edge AI = 강건한 객체 탐지 고도화를 위한 연구 : 엣지 AI 환경의 적대적 공격 분석
한글로보기https://www.riss.kr/link?id=T17371017
- 저자
-
발행사항
인천 : 인천대학교 대학원, 2026
-
학위논문사항
학위논문(석사) -- 인천대학교 대학원 , 컴퓨터공학과 Robustness in Object Detection , 2026. 2
-
발행연도
2026
-
작성언어
영어
- 주제어
-
발행국(도시)
인천
-
형태사항
78 ; 26 cm
-
일반주기명
지도교수: Jangho Lee
-
UCI식별코드
I804:23006-200000952623
-
소장기관
- 인천대학교 학산도서관
- 인천대학교 학산도서관
-
0
상세조회 -
0
다운로드
부가정보
다국어 초록 (Multilingual Abstract)
Deep learning frameworks on embedded devices are now the backbone of time sensitive systems such as autonomous cars, traffic management, and surveillance. Here, where milliseconds matter, ensuring models are secure and that resource constraint edge devices remain responsive is of utmost concern. While previous research has made significant progress in model resilience against adversarial attacks, most of the research has had the narrow objective of degrading accuracy, and how their influence impacts inference latency is still a time-repeated under-solved problem. This work extends the adversarial research front past the accuracy-related metrics by porting the Phantom Sponge attack to the domain of monocular 3D object detection, a basic perception problem for autonomous driving. The proposed approach generates phantom objects that attack and saturate exactly the Non- Maximum Suppression (NMS) stage of the detection pipeline, resulting in a steep increase in false positives and slow detection time on edge devices. In order to balance the strength of the patch attack, we have proposed an alpha blending method along which uses an alpha value to blend with the Universal Adversarial Patch (UAP) to create adaptive adversarial samples that generalize different data input. We did detailed experiments and performed analysis on KITTI and Rope3D datasets. We tested across multiple hardware systems ranging from high- performance desktop GPUs to low-cost NVIDIA Jetson devices. We also tested the generalization capability of the UAP patch with unseen input image data from the NuScenes dataset, verifying its strength in different real world traffic scenarios. In addition to the effectiveness of detection, this research work shows how embedded devices like NVIDIA Jetson devices perform under a patch attack, highlighting the power usage, temperature variations, and inference latency operating in different power modes. The obtained results highlight a major vulnerability of object detection models which depends on Non-Max Suppression, as well as the hardware device on which they are deployed. Specifically, when such edge devices operate on low power modes, the Jetson Xavier showed a 7× increase in NMS latency and a 90.8% rise in SoC power consumption when dealing with perturbed images. These findings reflect how attacks from adversaries can disrupt model integrity as well as its response time. This research focuses on the need of defensive actions to safeguard precision detection, especially in safety critical situations.
Deep learning frameworks on embedded devices are now the backbone of time sensitive systems such as autonomous cars, traffic management, and surveillance. Here, where milliseconds matter, ensuring models are secure and that resource constraint edge devices remain responsive is of utmost concern. While previous research has made significant progress in model resilience against adversarial attacks, most of the research has had the narrow objective of degrading accuracy, and how their influence impacts inference latency is still a time-repeated under-solved problem. This work extends the adversarial research front past the accuracy-related metrics by porting the Phantom Sponge attack to the domain of monocular 3D object detection, a basic perception problem for autonomous driving. The proposed approach generates phantom objects that attack and saturate exactly the Non- Maximum Suppression (NMS) stage of the detection pipeline, resulting in a steep increase in false positives and slow detection time on edge devices. In order to balance the strength of the patch attack, we have proposed an alpha blending method along which uses an alpha value to blend with the Universal Adversarial Patch (UAP) to create adaptive adversarial samples that generalize different data input. We did detailed experiments and performed analysis on KITTI and Rope3D datasets. We tested across multiple hardware systems ranging from high- performance desktop GPUs to low-cost NVIDIA Jetson devices. We also tested the generalization capability of the UAP patch with unseen input image data from the NuScenes dataset, verifying its strength in different real world traffic scenarios. In addition to the effectiveness of detection, this research work shows how embedded devices like NVIDIA Jetson devices perform under a patch attack, highlighting the power usage, temperature variations, and inference latency operating in different power modes. The obtained results highlight a major vulnerability of object detection models which depends on Non-Max Suppression, as well as the hardware device on which they are deployed. Specifically, when such edge devices operate on low power modes, the Jetson Xavier showed a 7× increase in NMS latency and a 90.8% rise in SoC power consumption when dealing with perturbed images. These findings reflect how attacks from adversaries can disrupt model integrity as well as its response time. This research focuses on the need of defensive actions to safeguard precision detection, especially in safety critical situations.
목차 (Table of Contents)
- Abstract i
- Table of Contents iii
- List of Tables vi
- List of Figures vii
- Nomenclature viii
- Abstract i
- Table of Contents iii
- List of Tables vi
- List of Figures vii
- Nomenclature viii
- Chapter 1 Introduction 1
- 1.1. Research Motivation 2
- 1.2. Research objectives 3
- 1.3. Thesis outline 5
- Chapter 2 Literature Review and Background 7
- 2.1. Adversarial Attacks in Deep Learning 7
- 2.2. Integrity based Attacks 7
- 2.3. The Threat of Latency Attacks 8
- 2.4. 2D Object Detection: Principles and Challenges 10
- 2.5. 3D Object Detection: Overview 11
- 2.6. Monocular 3D Object Detection Techniques 13
- 2.7. Non-Maximum Suppression and Its Limitations 15
- Chapter 3 Methodology 17
- 3.1. Problem Formulation 18
- 3.2. Universal Adversarial Perturbations (UAP): Overview 19
- 3.3. Adaptation of Phantom Sponge Attack for 3D Detection 21
- 3.3.1. Attack Overview and Motivation 21
- 3.3.2. Loss Function Design 22
- 3.3.3. Final Optimization Objective 24
- 3.4. Rationale for target model selection 25
- 3.5. 3D Bounding Box Estimation Pipeline. 26
- 3.5.1. 3D Bounding Box Parameterization 26
- 3.5.2. Two-Stage Estimation Strategy 26
- Chapter 4 Experiments 28
- 4.1. Datasets 30
- 4.2. Hardware Platforms and Configurations 30
- 4.3. Evaluation Metrics 31
- 4.3.1. Test Sets and Metrics 32
- 4.3.2. Pipeline Analysis and Timing Methodology 32
- 4.4. Implementation Details 33
- 4.4.1. Target Models 33
- 4.4.2. Dataset and UAP Configuration 34
- 4.4.3. Evaluation of Hardware and Hyperparameters 34
- Chapter 5 Results and Discussion 36
- 5.1. Performance Across Hardware Platforms 37
- 5.2. Algorithm-Specific Vulnerability Analysis 39
- 5.3. Cross-Dataset Generalization 40
- 5.4. Impact of Perturbation Strength (Alpha-Blending) 41
- 5.5. Latency Degradation under Power Mode Constraints 43
- 5.6. Power and Thermal Load Analysis in Constrained Modes 44
- 5.7. Generalization to Unseen Real-World Datasets 46
- Chapter 6 Conclusion and Recommendations 49
- 6.1. Summary of Findings 49
- 6.2. Practical Implications and Real-World Applications 51
- 6.3. Recommendations and Future Research Directions 52
- 6.3.1. Defence Mechanism Recommendations 52
- 6.3.2. Future Research Direction 54
- 6.4. Conclusion 56
- References 58
- 국문 초록 64
- Acknowledgements 66
- Curriculum Vitae 67
분석정보
이 자료와 함께 이용한 RISS 자료
나만을 위한 추천자료
