TY - GEN
T1 - Enhancing Adversarial Robustness in Rail Detection via Frequency Domain Denoising and Model Distillation
AU - Cui, Xiaotong
AU - Zheng, Wei
AU - Wang, Rui
AU - Feng, Baiju
AU - Xiao, Jinyu
N1 - Publisher Copyright: © 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - In view of the security risks caused by the track detection model's susceptibility to adversarial attacks and the lack of attack and defense verification on actual track defect data, this paper proposes two defense strategies: frequency domain denoising and model distillation. Frequency domain denoising combines wavelet transform and adversarial training to suppress high-frequency noise interference in adversarial samples through frequency domain decomposition. The proposed defense mechanism led to a 62.1% improvement in model accuracy and a 62.8% increase in mAP@50, demonstrating superior performance compared to using either wavelet transform or adversarial training independently. Model distillation gradually introduces adversarial samples and jointly optimizes detection loss and distillation loss. The proposed defense mechanism significantly improves model performance with gains of 13.0% in accuracy, 13.5% in recall, 20.0% in mAP@0.5, and 28.0% in mAP@0.5:0.95, establishing an optimal balance between precision and adversarial robustness.
AB - In view of the security risks caused by the track detection model's susceptibility to adversarial attacks and the lack of attack and defense verification on actual track defect data, this paper proposes two defense strategies: frequency domain denoising and model distillation. Frequency domain denoising combines wavelet transform and adversarial training to suppress high-frequency noise interference in adversarial samples through frequency domain decomposition. The proposed defense mechanism led to a 62.1% improvement in model accuracy and a 62.8% increase in mAP@50, demonstrating superior performance compared to using either wavelet transform or adversarial training independently. Model distillation gradually introduces adversarial samples and jointly optimizes detection loss and distillation loss. The proposed defense mechanism significantly improves model performance with gains of 13.0% in accuracy, 13.5% in recall, 20.0% in mAP@0.5, and 28.0% in mAP@0.5:0.95, establishing an optimal balance between precision and adversarial robustness.
KW - Track detection
KW - adversarial defense
KW - frequency domain denoising
KW - model distillation
UR - https://www.scopus.com/pages/publications/105036973283
U2 - 10.1109/ITSC60802.2025.11423563
DO - 10.1109/ITSC60802.2025.11423563
M3 - Conference contribution
AN - SCOPUS:105036973283
T3 - IEEE Conference on Intelligent Transportation Systems, Proceedings, ITSC
SP - 3943
EP - 3949
BT - IEEE Intelligent Transportation Systems Conference, ITSC 2025
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 28th International Conference on Intelligent Transportation Systems, ITSC 2025
Y2 - 18 November 2025 through 21 November 2025
ER -