<p>Continuous Sign Language Recognition (CSLR) serves as a critical bridge for communication between hearing-impaired and hearing individuals. Although recent CSLR models have achieved notable accuracy, their security vulnerabilities remain largely unexplored. In this paper, to the best of our knowledge, we propose the first Frequency Transform Attack (FTA) framework for CSLR, aiming to reveal some frequency attack security vulnerabilities in the mainstream CSLR models. We propose a spectral transformation strategy that leverages Discrete Cosine Transform (DCT) and Inverse DCT (IDCT) to generate diverse spectral perturbations for sign videos, achieving transferability and visual imperceptibility. We further construct a dedicated CSLR surrogate model that integrates spatial feature extraction with both short-term and long-term temporal modeling, enabling more accurate and stable gradient directions for generating adversarial examples. Moreover, we introduce a novel channel-aware low-pass filter, which effectively suppresses high-frequency components associated with edge details and background noise, thereby ensuring high visual imperceptibility without sacrificing attack strength. We evaluated FTA across six mainstream CSLR models on the PHOENIX-2014 and PHOENIX-2014T datasets. Quantitative results demonstrate that FTA achieves strong attack success rates and transferability, while significantly degrading the recognition results. Qualitative analyses further confirm the high visual imperceptibility of the adversarial samples generated by FTA. Our findings highlight the need to strengthen CSLR models against frequency attacks and the need to focus more on model security.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Frequency transform attack: a transferable adversarial framework for continuous sign language recognition

  • Yachao Lin,
  • Yuxuan Liu,
  • Wanli Xue,
  • Leming Guo,
  • Chao Wei,
  • Tiantian Yuan

摘要

Continuous Sign Language Recognition (CSLR) serves as a critical bridge for communication between hearing-impaired and hearing individuals. Although recent CSLR models have achieved notable accuracy, their security vulnerabilities remain largely unexplored. In this paper, to the best of our knowledge, we propose the first Frequency Transform Attack (FTA) framework for CSLR, aiming to reveal some frequency attack security vulnerabilities in the mainstream CSLR models. We propose a spectral transformation strategy that leverages Discrete Cosine Transform (DCT) and Inverse DCT (IDCT) to generate diverse spectral perturbations for sign videos, achieving transferability and visual imperceptibility. We further construct a dedicated CSLR surrogate model that integrates spatial feature extraction with both short-term and long-term temporal modeling, enabling more accurate and stable gradient directions for generating adversarial examples. Moreover, we introduce a novel channel-aware low-pass filter, which effectively suppresses high-frequency components associated with edge details and background noise, thereby ensuring high visual imperceptibility without sacrificing attack strength. We evaluated FTA across six mainstream CSLR models on the PHOENIX-2014 and PHOENIX-2014T datasets. Quantitative results demonstrate that FTA achieves strong attack success rates and transferability, while significantly degrading the recognition results. Qualitative analyses further confirm the high visual imperceptibility of the adversarial samples generated by FTA. Our findings highlight the need to strengthen CSLR models against frequency attacks and the need to focus more on model security.