Significant structural differences in DNN-based object detectors hinders the transferability of adversarial attacks. Studies show that intermediate features extracted by the detector contain more model-independent information, and disrupting these features can enhance attack transferability across different detectors. However, the challenge lies in selecting crucial features that impact detection from redundant intermediate features. To address this issue, we introduce the Deep information bottleneck universal adversarial perturbation (DIB-UAP). DIB-UAP utilizes the deep information bottleneck to establish a link between intermediate features and model output, extracting crucial intermediate features and disrupting them to generate UAP with strong attack transferability. Additionally, we propose a data augmentation method, Scale & Tile, which effectively enhances the attack performance of UAP on medium and large-scale objects. Testing on two benchmark datasets with eight comparative methods across four black-box mainstream detectors has confirmed the attack transferability of DIB-UAP. Furthermore, practical utility validation of DIB-UAP has been conducted on a commercial object detection platform.

基于 DNN 的目标检测器的显着结构差异阻碍了对抗性攻击的可转移性。研究表明，检测器提取的中间特征包含更多与模型无关的信息，破坏这些特征可以增强攻击在不同检测器之间的可转移性。然而，挑战在于从冗余中间特征中选择影响检测的关键特征。为了解决这个问题，我们引入了深度信息瓶颈通用对抗扰动（DIB-UAP）。 DIB-UAP利用深度信息瓶颈在中间特征和模型输出之间建立联系，提取关键的中间特征并对其进行破坏，生成具有较强攻击可转移性的UAP。此外，我们提出了一种数据增强方法Scale & Tile，有效增强了UAP对中大型物体的攻击性能。使用四个黑盒主流检测器的八种比较方法对两个基准数据集进行测试，证实了 DIB-UAP 的攻击可转移性。此外，DIB-UAP的实用性验证已在商业目标检测平台上进行。