The Segment Anything Model (SAM) is a cornerstone of image segmentation, demonstrating exceptional performance across various applications, particularly in autonomous driving and medical imaging, where precise segmentation is crucial. However, SAM is vulnerable to adversarial attacks that can significantly impair its functionality through minor input perturbations. Traditional techniques, such as FGSM and PGD, are often ineffective in segmentation tasks due to their reliance on global perturbations that overlook spatial nuances. Recent methods like Attack-SAM-K and UAD have begun to address these challenges, but they frequently depend on external cues and do not fully leverage the structural interdependencies within segmentation processes. This limitation underscores the need for a novel adversarial strategy that exploits the unique characteristics of segmentation tasks. In response, we introduce the Region-Guided Attack (RGA), designed specifically for SAM. RGA utilizes a Region-Guided Map (RGM) to manipulate segmented regions, enabling targeted perturbations that fragment large segments and expand smaller ones, resulting in erroneous outputs from SAM. Our experiments demonstrate that RGA achieves high success rates in both white-box and black-box scenarios, emphasizing the need for robust defenses against such sophisticated attacks. RGA not only reveals SAM's vulnerabilities but also lays the groundwork for developing more resilient defenses against adversarial threats in image segmentation.

翻译：Segment Anything模型（SAM）是图像分割领域的基石，在自动驾驶和医学影像等需要精确分割的应用中展现出卓越性能。然而，SAM易受对抗性攻击的影响，微小的输入扰动即可严重损害其功能。传统攻击技术（如FGSM和PGD）因依赖全局扰动而忽视空间细节，在分割任务中往往效果有限。近期方法如Attack-SAM-K和UAD开始应对这些挑战，但它们常依赖外部线索，未能充分利用分割过程中的结构互依性。这一局限凸显了需要一种能利用分割任务独特特性的新型对抗策略。为此，我们提出了专为SAM设计的区域引导攻击（RGA）。RGA通过区域引导图（RGM）操纵分割区域，实现针对性扰动：将大区域碎片化、小区域扩张化，从而导致SAM产生错误输出。实验表明，RGA在白盒与黑盒场景下均能实现高攻击成功率，这凸显了针对此类复杂攻击构建鲁棒防御机制的必要性。RGA不仅揭示了SAM的脆弱性，更为开发图像分割领域对抗性威胁的强韧防御体系奠定了基础。