Darren Yu Yang,Jay Xiong,Xincheng Li,Xu Yan,John Raiti,Yuntao Wang,HuaQiang Wu,Zhenyu Zhong

DOI: https://doi.org/10.1109/UEMCON.2018.8796670

2018-01-01

Abstract:Deep learning based object detection algorithms like R-CNN, SSD, YOLO have been applied to many scenarios, including video surveillance, autonomous vehicle, intelligent robotics et al. With more and more application and autonomy left to deep learning based artificial intelligence, humans want to ensure that the machine does the best for them under their control. However, deep learning algorithms are known to be vulnerable to carefully crafted input known as adversarial examples which makes it possible for an attacker to fool an AI system. In this work, we explored the mechanism behind the YOLO object detector and proposed an optimization method to craft adversarial examples to attack the YOLO model. The experiment shows that this white box attack method is effective and has a success rate of 100% in crafting digital adversarial examples to fool the YOLO model. We also proposed a robust physical adversarial sticker generation method based on an extended Expectation Over Transformation (EOT) method(a method to craft adversarial example in the physical world). We conduct experiments to find the most effective approach to generate adversarial stickers. We tested the stickers both digitally as a watermark and physically showing it on an electronic screen on the front surface of a person. Our result shows that the sticker attack as a watermark has a success rate of 90% and 45% on photos taken indoors and on random 318 pictures from ImageNet. Our physical attack also has a success rate of 72% on photos taken indoors. We shared our project source code on the Github and our work is reproducible.

Deepa D. Shankar,Nesma Khalil,Adresya Suresh Azhakath

DOI: https://doi.org/10.1007/s11042-022-13638-w

IF: 2.577

2022-08-20

Multimedia Tools and Applications

Abstract:The fast evolution of Information and Digital technology had given way for internet to be an effective medium for communication. This has also paved way for data exploitation. Therefore, users must protect their data from misuse. This led to the emergence of security framework like Information Hiding. Steganography and Steganalysis are of the two primary techniques in the field of Information Hiding. Steganography is the science of concealing confidential information, while steganalysis is the art of detecting the existence of that information. The primary goal of this research is to address the general concept of steganalysis, and various breaches associated with it. It involves a blind statistical steganalysis technique that is led in Joint Photographic Experts Group (JPEG) text embedded images by extracting features that illustrate an alteration during an embedding. The images used as embedding medium are uncalibrated and the percentage of the embedding used in this study is 50%. The text embedding is done using various steganographic schemes in the spatial and transform domain. The steganographic schemes considered are Least Significant Bit (LSB) Matching, Least Significant Bit (LSB) Replacement, Pixel Value Differencing and F5. After steganographic embedding of the data, the first order, second order, extended Discrete Cosine Transform (DCT) and Markov features are extracted. Then, Principal Component Analysis (PCA) is used as a system for feature dimensionality reduction. Furthermore, the technique of machine learning is incorporated by means of a classifier to identify the stego image and cover image. Support Vector Machine (SVM) and Support Vector Machine with Particle Swarm Optimization (SVM-PSO) are the classifiers examined in this paper for a comparative study. Moreover, the concept of cross-validation is also incorporated in this work. Six dissimilar kernel functions and four diverse samplings are used during classification to check on the effectiveness of the kernels and sampling in classification.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Wenbin Wang,Haixia Long

DOI: https://doi.org/10.1109/MLCCIM60412.2023.00046

2023-01-01

Abstract:With the rapid advancement of hardware sources such as GPU computing capacity, implementing deep learning techniques in computer vision has become a trend. Object detection is one of the core challenges in computer vision research and serves as a crucial foundation for comprehending visual data. This task has been explored extensively in both academic and real-world applications, including surveillance security, autonomous driving, traffic monitoring, drone scene analysis, and robot vision[1]. Current object detection techniques rely primarily on neural networks, particularly large-scale ones, with parameter quantity far exceeding the training data. The resulting excess capacity parameter may pose security risks[3], such as backdoor attacks[13]. However, current research on the security of the model focuses primarily on the classification problem, and lacks relevant research on object detection models for broader applications and more complex problems. In this research, we investigated the viability of backdoor attacks against the traditional object detection model YOLOV5. We were motivated by the loss function of YOLOV5, and when poisoning the data, we took into account the size of the poisoning region and the placement of the poisoning such that the horse was attacked as if it were a human. In the PASACAL 2007 dataset, the improved poisoning approach increased the attack success rate on the detection model by 61.1% and 22.2%, respectively, in comparison to the traditional poisoning methods BadNets[1] and Blended Injection Attack[7].

Yueyun Shang,Shunzhi Jiang,Dengpan Ye,Jiaqing Huang

DOI: https://doi.org/10.3390/math8091446

IF: 2.4

2020-08-28

Mathematics

Abstract:Steganography is a collection of techniques for concealing the existence of information by embedding it within a cover. With the development of deep learning, some novel steganography methods have appeared based on the autoencoder or generative adversarial networks. While the deep learning based steganography methods have the advantages of automatic generation and capacity, the security of the algorithm needs to improve. In this paper, we take advantage of the linear behavior of deep learning networks in higher space and propose a novel steganography scheme which enhances the security by adversarial example. The system is trained with different training settings on two datasets. The experiment results show that the proposed scheme could escape from deep learning steganalyzer detection. Besides, the produced stego could extract secret image with less distortion.

mathematics

Ricardo Sanchez-Matilla,Chau Yi Li,Ali Shahin Shamsabadi,Riccardo Mazzon,Andrea Cavallaro

DOI: https://doi.org/10.48550/arXiv.2007.09766

2020-07-19

Computer Vision and Pattern Recognition

Abstract:Adversarial perturbations can be added to images to protect their content from unwanted inferences. These perturbations may, however, be ineffective against classifiers that were not {seen} during the generation of the perturbation, or against defenses {based on re-quantization, median filtering or JPEG compression. To address these limitations, we present an adversarial attack {that is} specifically designed to protect visual content against { unseen} classifiers and known defenses. We craft perturbations using an iterative process that is based on the Fast Gradient Signed Method and {that} randomly selects a classifier and a defense, at each iteration}. This randomization prevents an undesirable overfitting to a specific classifier or defense. We validate the proposed attack in both targeted and untargeted settings on the private classes of the Places365-Standard dataset. Using ResNet18, ResNet50, AlexNet and DenseNet161 {as classifiers}, the performance of the proposed attack exceeds that of eleven state-of-the-art attacks. The implementation is available at https://github.com/smartcameras/RP-FGSM/.

Kangyi Ding,Teng Hu,Weina Niu,Xiaolei Liu,Junpeng He,Mingyong Yin,Xiaosong Zhang

DOI: https://doi.org/10.3390/s22176497

2022-08-29

Abstract:The Internet has become the main channel of information communication, which contains a large amount of secret information. Although network communication provides a convenient channel for human communication, there is also a risk of information leakage. Traditional image steganography algorithms use manually crafted steganographic algorithms or custom models for steganography, while our approach uses ordinary OCR models for information embedding and extraction. Even if our OCR models for steganography are intercepted, it is difficult to find their relevance to steganography. We propose a novel steganography method for character-level text images based on adversarial attacks. We exploit the complexity and uniqueness of neural network boundaries and use neural networks as a tool for information embedding and extraction. We use an adversarial attack to embed the steganographic information into the character region of the image. To avoid detection by other OCR models, we optimize the generation of the adversarial samples and use a verification model to filter the generated steganographic images, which, in turn, ensures that the embedded information can only be recognized by our local model. The decoupling experiments show that the strategies we adopt to weaken the transferability can reduce the possibility of other OCR models recognizing the embedded information while ensuring the success rate of information embedding. Meanwhile, the perturbations we add to embed the information are acceptable. Finally, we explored the impact of different parameters on the algorithm with the potential of our steganography algorithm through parameter selection experiments. We also verify the effectiveness of our validation model to select the best steganographic images. The experiments show that our algorithm can achieve a 100% information embedding rate and more than 95% steganography success rate under the set condition of 3 samples per group. In addition, our embedded information can be hardly detected by other OCR models.

Arivazhagan Selvaraj,Amrutha Ezhilarasan,Sylvia Lilly Jebarani Wellington,Ananthi Roy Sam

DOI: https://doi.org/10.1049/ipr2.12043

IF: 2.3

2020-12-13

IET Image Processing

Abstract:Steganography, a branch of data hiding techniques aims to hide confidential information within any digital media by obscuring the existence of hidden information. On the contrary, steganalysis aims to detect steganography. With the advent of powerful steganographic algorithms, the process of cracking them became very challenging. Traditional steganalysis following machine learning principle employs a two‐step process, with first process extracting highly sophisticated features capable of discriminating hidden message from original data and second process classifying the input as innocent or guilty. In recent years, deep learning which has its roots in artificial neural networks emerged as a brilliant alternative for many computer vision tasks. A review of recent research works in deep learning based digital image steganalysis is presented here. The paradigm shift from machine learning approaches to employing more promising deep learning architectures, observed with the current research community and hence in literature has been presented here in chronological order. Deep learning can unify the two‐step process into a single process by giving the ability for machine to learn end‐to‐end by itself. The use of Convolutional Neural Networks to perform steganalysis in spatial or transform or combination of both domains has effectively lowered the detection error rates.

computer science, artificial intelligence,engineering, electrical & electronic,imaging science & photographic technology

Shaofeng Li,Minhui Xue,Benjamin Zi Hao Zhao,Haojin Zhu,Xinpeng Zhang

DOI: https://doi.org/10.48550/arXiv.1909.02742

2020-08-31

Abstract:Deep neural networks (DNNs) have been proven vulnerable to backdoor attacks, where hidden features (patterns) trained to a normal model, which is only activated by some specific input (called triggers), trick the model into producing unexpected behavior. In this paper, we create covert and scattered triggers for backdoor attacks, invisible backdoors, where triggers can fool both DNN models and human inspection. We apply our invisible backdoors through two state-of-the-art methods of embedding triggers for backdoor attacks. The first approach on Badnets embeds the trigger into DNNs through steganography. The second approach of a trojan attack uses two types of additional regularization terms to generate the triggers with irregular shape and size. We use the Attack Success Rate and Functionality to measure the performance of our attacks. We introduce two novel definitions of invisibility for human perception; one is conceptualized by the Perceptual Adversarial Similarity Score (PASS) and the other is Learned Perceptual Image Patch Similarity (LPIPS). We show that the proposed invisible backdoors can be fairly effective across various DNN models as well as four datasets MNIST, CIFAR-10, CIFAR-100, and GTSRB, by measuring their attack success rates for the adversary, functionality for the normal users, and invisibility scores for the administrators. We finally argue that the proposed invisible backdoor attacks can effectively thwart the state-of-the-art trojan backdoor detection approaches, such as Neural Cleanse and TABOR.

Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning

Ka-Ho Chow,Ling Liu,Mehmet Emre Gursoy,Stacey Truex,Wenqi Wei,Yanzhao Wu

DOI: https://doi.org/10.48550/arXiv.2007.05828

2020-07-12

Abstract:Deep neural networks based object detection models have revolutionized computer vision and fueled the development of a wide range of visual recognition applications. However, recent studies have revealed that deep object detectors can be compromised under adversarial attacks, causing a victim detector to detect no object, fake objects, or mislabeled objects. With object detection being used pervasively in many security-critical applications, such as autonomous vehicles and smart cities, we argue that a holistic approach for an in-depth understanding of adversarial attacks and vulnerabilities of deep object detection systems is of utmost importance for the research community to develop robust defense mechanisms. This paper presents a framework for analyzing and evaluating vulnerabilities of the state-of-the-art object detectors under an adversarial lens, aiming to analyze and demystify the attack strategies, adverse effects, and costs, as well as the cross-model and cross-resolution transferability of attacks. Using a set of quantitative metrics, extensive experiments are performed on six representative deep object detectors from three popular families (YOLOv3, SSD, and Faster R-CNN) with two benchmark datasets (PASCAL VOC and MS COCO). We demonstrate that the proposed framework can serve as a methodical benchmark for analyzing adversarial behaviors and risks in real-time object detection systems. We conjecture that this framework can also serve as a tool to assess the security risks and the adversarial robustness of deep object detectors to be deployed in real-world applications.

Cryptography and Security,Computer Vision and Pattern Recognition,Machine Learning

Zhenxing Qian,Nan Zhong,Hsunfang Cho,Xinpeng Zhang,Yusheng Guo

DOI: https://doi.org/10.1109/APSIPAASC58517.2023.10317351

2023-10-31

Abstract:Image steganography plays a vital role in the realm of information hiding, involving the discreet embedding of confidential data within an image. However, the misuse of this technology by malicious actors on social media platforms poses a significant threat to public security. Presently, the primary defense against image steganography is steganalysis technology, which effectively distinguishes steganographic images from regular ones by detecting subtle modifications. Nevertheless, there is considerable room for improvement in existing steganalysis techniques, especially when dealing with small payloads. In this paper, we propose a proactive strategy to enhance the detection of steganographic images with small payloads. Specifically, as the image is captured, we apply a meticulous-designed and imperceptible mask to it. This mask is aimed at increasing the success rate of detection. We have developed three convolutional neural networks (CNNs) to facilitate this proactive image processing: preemptive-CNN, steganography network (Stego-CNN), and steganalysis discriminator. During the training process, Stego-CNN remains unaltered, while preemptive-CNN and the discriminator are jointly trained to ensure that the applied mask enhances the detection accuracy. Experimental results demonstrate the effectiveness of our proposed approach in enhancing the detection accuracy, all without compromising the visual quality of the images.

Computer Science

Yiwei Zhang,Weiming Zhang,Kejiang Chen,Jiayang Liu,Yujia Liu,Nenghai Yu

DOI: https://doi.org/10.1145/3206004.3206012

2018-01-01

Abstract:Deep neural network based steganalysis has developed rapidly in recent years, which poses a challenge to the security of steganography. However, there is no steganography method that can effectively resist the neural networks for steganalysis at present. In this paper, we propose a new strategy that constructs enhanced covers against neural networks with the technique of adversarial examples. The enhanced covers and their corresponding stegos are most likely to be judged as covers by the networks. Besides, we use both deep neural network based steganalysis and high-dimensional feature classifiers to evaluate the performance of steganography and propose a new comprehensive security criterion. We also make a tradeoff between the two analysis systems and improve the comprehensive security. The effectiveness of the proposed scheme is verified with the evidence obtained from the experiments on the BOSSbase using the steganography algorithm of WOW and popular steganalyzers with rich models and three state-of-the-art neural networks.

Yuwei Ge,Tao Zhang,Haihua Liang,Qingfeng Jiang,Dan Wang

DOI: https://doi.org/10.3390/electronics10222742

IF: 2.9

2021-01-01

Electronics

Abstract:Image steganalysis is a technique for detecting the presence of hidden information in images, which has profound significance for maintaining cyberspace security. In recent years, various deep steganalysis networks have been proposed in academia, and have achieved good detection performance. Although convolutional neural networks (CNNs) can effectively extract the features describing the image content, the difficulty lies in extracting the subtle features that describe the existence of hidden information. Considering this concern, this paper introduces separable convolution and adversarial mechanism, and proposes a new network structure that effectively solves the problem. The separable convolution maximizes the residual information by utilizing its channel correlation. The adversarial mechanism makes the generator extract more content features to mislead the discriminator, thus separating more steganographic features. We conducted experiments on BOSSBase1.01 and BOWS2 to detect various adaptive steganography algorithms. The experimental results demonstrate that our method extracts the steganographic features effectively. The separable convolution increases the signal-to-noise ratio, maximizes the channel correlation of residuals, and improves efficiency. The adversarial mechanism can separate more steganographic features, effectively improving the performance. Compared with the traditional steganalysis methods based on deep learning, our method shows obvious improvements in both detection performance and training efficiency.

Yuan Chao,Wang Hongxia,He Peisong,Luo Jie,Li Bin

DOI: https://doi.org/10.1007/s11042-021-11778-z

IF: 2.577

2022-01-01

Multimedia Tools and Applications

Abstract:In recent years, the development of steganalysis based on convolutional neural networks (CNN) has brought new challenges to the security of image steganography. However, the current steganographic methods are difficult to resist the detection of CNN-based steganalyzers. To solve this problem, we propose an end-to-end image steganographic scheme based on generative adversarial networks (GAN) with adversarial attack and pixel-wise deep fusion. There are mainly four modules in the proposed scheme: the universal adversarial network is utilized in Attack module to fool CNN-based steganalyzers for enhancing security; Encoder module is seen as the generator to implement the pixel-wise deep fusion for imperceptible information embedding with high payload; Decoder module is responsible for the process of recovering embedded information; Critic module is designed for the discriminator to provide objective scores and conduct adversarial training. Besides, multiple loss functions together with Wasserstein GAN strategy are applied to enhance the stability and availability of the proposed scheme. Experiments on different datasets have verified the advantages of adding universal adversarial perturbations for higher security against CNN-based steganalyzers without compromising imperceptibility. Compared with state-of-the-art methods, the proposed scheme has achieved better performance in security.

Nandhini Subramanian,Omar Elharrouss,Somaya Al-Maadeed,Ahmed Bouridane

DOI: https://doi.org/10.1109/access.2021.3053998

IF: 3.9

2021-01-01

IEEE Access

Abstract:Image Steganography is the process of hiding information which can be text, image or video inside a cover image. The secret information is hidden in a way that it not visible to the human eyes. Deep learning technology, which has emerged as a powerful tool in various applications including image steganography, has received increased attention recently. The main goal of this paper is to explore and discuss various deep learning methods available in image steganography field. Deep learning techniques used for image steganography can be broadly divided into three categories - traditional methods, Convolutional Neural Network-based and General Adversarial Network-based methods. Along with the methodology, an elaborate summary on the datasets used, experimental set-ups considered and the evaluation metrics commonly used are described in this paper. A table summarizing all the details are also provided for easy reference. This paper aims to help the fellow researchers by compiling the current trends, challenges and some future direction in this field.

computer science, information systems,telecommunications,engineering, electrical & electronic

Dewang Wang,Gaobo Yang,Zhiqing Guo,Jiyou Chen

DOI: https://doi.org/10.1016/j.jisa.2024.103835

IF: 4.96

2024-07-26

Journal of Information Security and Applications

Abstract:Adversarial embedding, which can deceive the CNN-based steganalyzers, has emerged as an effective strategy to improve image steganography security. However, its efficacy might be easily weakened when confronting re-trained or unknown steganalyzers. In this work, the security of adversarial embedding-based image steganography is further improved by ensemble steganalysis and adversarial perturbation minimization. Different from the existing works that rely on a single targeted steganalyzer, the proposed approach develops an ensemble steganographic classifier, which leverages the majority voting rule to smartly select those pixels that are more suitable for adversarial embedding. To mitigate the interference caused by adversarial embedding, two strategies are adopted. Firstly, a cover image is divided into two non-overlapping regions in terms of pixel gradient amplitude. The regions with higher gradient amplitudes are progressively conducted with adversarial embedding until the targeted steganalyzer is effectively deceived. Secondly, the embedding costs are fine-tuned to minimize the degradation of image quality. Extensive experimental results demonstrate that the proposed approach achieves superior steganography security. Under black-box attacks, with S-UNIWARD and HILL as baseline methods and Deng-Net as the targeted steganalyzer, the proposed approach improves the average detection accuracy of 4.88% and 2.47% for S-UNIWARD and HILL, respectively. In comparison, the existing works only achieve improvements of 2.88% and 2.93% for S-UNIWARD, and 1.44% and 1.12% for HILL, respectively.

computer science, information systems

Fangjian Tao,Chunjie Cao,Hong Li,Binghui Zou,Longjuan Wang,Jingzhang Sun

DOI: https://doi.org/10.3390/app13116588

2023-01-01

Abstract:Deep steganography (DS), using neural networks to hide one image in another, has performed well in terms of invisibility, embedding capacity, etc. Current steganalysis methods for DS can only detect or remove secret images hidden in natural images and cannot analyze or modify secret content. Our technique is the first approach to not only effectively prevent covert communications using DS, but also analyze and modify the content of covert communications. We proposed a novel adversarial attack method for DS considering both white-box and black-box scenarios. For the white-box attack, several novel loss functions were applied to construct a gradient- and optimizer-based adversarial attack that could delete and modify secret images. As a more realistic case, a black-box method was proposed based on surrogate training and a knowledge distillation technique. All methods were tested on the Tiny ImageNet and MS COCO datasets. The experimental results showed that the proposed attack method could completely remove or even modify the secret image in the container image while maintaining the latter's high quality. More importantly, the proposed adversarial attack method can also be regarded as a new DS approach.

Haotian Zhang,Xu Ma

DOI: https://doi.org/10.1016/j.cose.2022.102876

2022-11-01

Abstract:Object detection is a hot topic in computer vision (CV), and it has many applications in various security fields. However, many works have demonstrated that neural network-based object detection is vulnerable to adversarial attacks. In this paper, we study adversarial attacks on object detectors in the real world and propose a new adversarial attack called Misleading Attention and Classification Attack (MACA), which can generate adversarial patches to mislead the object detectors. Specifically, we propose a new scheme to generate adversarial patches to fool the object detector. Our scheme restricts the noise of the adversarial patches and aims to ensure that the generated adversarial patches are visually similar to natural images. The attack simulates the complex external physical environment and the 3D transformations of non-rigid objects to increase the robustness of adversarial patches. We attack the up-to-date object detectors (e.g., Yolo-V5), and we prove that our technique has strong transferability among different detectors. Extensive experiments show that it is feasible to transfer the digital adversarial patches to the real world while maintaining the transferability of adversarial patches among different models and the success rate of adversarial attacks.

computer science, information systems

Blair Fyffe,Yunjia Wang,Ishbel Duncan

DOI: https://doi.org/10.1080/23742917.2019.1609393

2019-01-01

Journal of Cyber Security Technology

Abstract:In 2014 it was estimated that 1.8 billion images were uploaded daily to the Internet, and in 2018 it is estimated that 3.2 billion images are shared daily. Some of these uploaded images may contain hidden information that can potentially be malicious (e.g. an image that contains hidden information regarding terrorism recruitment) or may cause serious damage (e.g. an employee wishing to hide sensitive company details in an image file and exporting the image to third parties). This research studied the most effective methods in manipulating images to hide information (Data Loss). Significant work has been done on computational algorithmic detection. Yet the desired output from this work was to find the point at which a human can no longer visually establish the difference between an original image and a manipulated image. This research examines the extent of use for file formats, bit depth alterations, least significant bits, message and audio concealment and watermark and filtering techniques for image steganography. The findings of this study indicated that audio insertion and picture insertion into cover image files are the strongest in deceiving the human eye. These results have been categorised for human visual perception in image-based steganography.

Varsha Himthani,Vijaypal Singh Dhaka,Manjit Kaur,Geeta Rani,Meet Oza,Heung-No Lee

DOI: https://doi.org/10.1038/s41598-022-17362-1

2022-10-07

Abstract:Increasing data infringement while transmission and storage have become an apprehension for the data owners. Even the digital images transmitted over the network or stored at servers are prone to unauthorized access. However, several image steganography techniques were proposed in the literature for hiding a secret image by embedding it into cover media. But the low embedding capacity and poor reconstruction quality of images are significant limitations of these techniques. To overcome these limitations, deep learning-based image steganography techniques are proposed in the literature. Convolutional neural network (CNN) based U-Net encoder has gained significant research attention in the literature. However, its performance efficacy as compared to other CNN based encoders like V-Net and U-Net++ is not implemented for image steganography. In this paper, V-Net and U-Net++ encoders are implemented for image steganography. A comparative performance assessment of U-Net, V-Net, and U-Net++ architectures are carried out. These architectures are employed to hide the secret image into the cover image. Further, a unique, robust, and standard decoder for all architectures is designed to extract the secret image from the cover image. Based on the experimental results, it is identified that U-Net architecture outperforms the other two architectures as it reports high embedding capacity and provides better quality stego and reconstructed secret images.

Sanyam Jain

DOI: https://doi.org/10.48550/arXiv.2306.06071

2023-05-27

Computer Vision and Pattern Recognition

Abstract:This paper implements and investigates popular adversarial attacks on the YOLOv5 Object Detection algorithm. The paper explores the vulnerability of the YOLOv5 to adversarial attacks in the context of traffic and road sign detection. The paper investigates the impact of different types of attacks, including the Limited memory Broyden Fletcher Goldfarb Shanno (L-BFGS), the Fast Gradient Sign Method (FGSM) attack, the Carlini and Wagner (C&W) attack, the Basic Iterative Method (BIM) attack, the Projected Gradient Descent (PGD) attack, One Pixel Attack, and the Universal Adversarial Perturbations attack on the accuracy of YOLOv5 in detecting traffic and road signs. The results show that YOLOv5 is susceptible to these attacks, with misclassification rates increasing as the magnitude of the perturbations increases. We also explain the results using saliency maps. The findings of this paper have important implications for the safety and reliability of object detection algorithms used in traffic and transportation systems, highlighting the need for more robust and secure models to ensure their effectiveness in real-world applications.