Higher-order adversarial attacks can directly be considered the result of a cat-and-mouse game -- an elaborate action involving constant pursuit, near captures, and repeated escapes. This idiom describes the enduring circular training of adversarial attack patterns and adversarial training the best. The following work investigates the impact of higher-order adversarial attacks on object detectors by successively training attack patterns and hardening object detectors with adversarial training. The YOLOv10 object detector is chosen as a representative, and adversarial patches are used in an evasion attack manner. Our results indicate that higher-order adversarial patches are not only affecting the object detector directly trained on but rather provide a stronger generalization capacity compared to lower-order adversarial patches. Moreover, the results highlight that solely adversarial training is not sufficient to harden an object detector efficiently against this kind of adversarial attack. Code: https://github.com/JensBayer/HigherOrder

翻译：高阶对抗性攻击可被直接视为猫鼠博弈的结果——一种包含持续追逐、近乎捕获与反复逃脱的复杂行为。该习语最为贴切地描述了对抗性攻击模式与对抗性训练之间持久的循环训练过程。本研究通过连续训练攻击模式并结合对抗性训练强化目标检测器，系统探究了高阶对抗性攻击对目标检测器的影响。我们选择YOLOv10目标检测器作为代表性模型，并采用规避攻击方式部署对抗性补丁。实验结果表明，高阶对抗性补丁不仅能影响其直接训练所针对的目标检测器，与低阶对抗性补丁相比，还展现出更强的泛化能力。此外，研究结果强调，仅依靠对抗性训练不足以有效强化目标检测器以抵御此类对抗性攻击。代码地址：https://github.com/JensBayer/HigherOrder