The Segment Anything Model (SAM) is a cornerstone of image segmentation, demonstrating exceptional performance across various applications, particularly in autonomous driving and medical imaging, where precise segmentation is crucial. However, SAM is vulnerable to adversarial attacks that can significantly impair its functionality through minor input perturbations. Traditional techniques, such as FGSM and PGD, are often ineffective in segmentation tasks due to their reliance on global perturbations that overlook spatial nuances. Recent methods like Attack-SAM-K and UAD have begun to address these challenges, but they frequently depend on external cues and do not fully leverage the structural interdependencies within segmentation processes. This limitation underscores the need for a novel adversarial strategy that exploits the unique characteristics of segmentation tasks. In response, we introduce the Region-Guided Attack (RGA), designed specifically for SAM. RGA utilizes a Region-Guided Map (RGM) to manipulate segmented regions, enabling targeted perturbations that fragment large segments and expand smaller ones, resulting in erroneous outputs from SAM. Our experiments demonstrate that RGA achieves high success rates in both white-box and black-box scenarios, emphasizing the need for robust defenses against such sophisticated attacks. RGA not only reveals SAM's vulnerabilities but also lays the groundwork for developing more resilient defenses against adversarial threats in image segmentation.

翻译：Segment Anything模型（SAM）是图像分割领域的基石，在多种应用中展现出卓越性能，尤其在自动驾驶和医学成像等需要精确分割的场景中至关重要。然而，SAM容易受到对抗性攻击的影响，这些攻击通过微小的输入扰动即可显著削弱其功能。传统技术如FGSM和PGD在分割任务中往往效果有限，因为它们依赖于全局扰动而忽略了空间细节。近期方法如Attack-SAM-K和UAD已开始应对这些挑战，但它们常依赖外部线索，未能充分利用分割过程中的结构互依赖性。这一局限凸显了需要一种利用分割任务独特特性的新型对抗策略。为此，我们提出了专门针对SAM的区域引导攻击（RGA）。RGA利用区域引导图（RGM）来操纵分割区域，实现有针对性的扰动，从而分裂大片段并扩展小片段，导致SAM产生错误输出。我们的实验表明，RGA在白盒和黑盒场景下均实现了高成功率，强调了针对此类复杂攻击构建鲁棒防御的必要性。RGA不仅揭示了SAM的脆弱性，也为开发针对图像分割中对抗性威胁的更具弹性的防御机制奠定了基础。