Adversarial Robustness in Video Surveillance: A GAN-Based Attack Generation and Defence Framework for YOLO

The operational integrity of Artificial Intelligence (AI)-powered video surveillance systems is critically threatened by adversarial attacks that exploit vulnerabilities in object detectors like YOLO (You Only Look Once). This research proposes a comprehensive dual-framework to both assess and mitigate this threat. On the offensive front, we develop an enhanced Generative Adversarial Neural Network (GAN) attack model, incorporating a novel composite loss function that combines adversarial, L1 perceptual, and cosine similarity losses. This architecture forces the generator to produce adversarial examples that are not only potent in evading detection but also semantically coherent and realistic. Defensively, we fortify the YOLO object detector by integrating a TrackingLearning-Detection (TLD) module, creating a YOLO-TLD framework that enhances resilience through robust long-term tracking and online P-N learning, which continuously updates the detector based on tracking consistency and error correction.

The proposed offensive and defensive models were rigorously evaluated against each other using benchmark datasets, including COCO, VOC 2007, and the realistic VIRAT surveillance video dataset. The results demonstrate a critical security arms race: the enhanced GANN model achieved a remarkable fooling rate of over 92% on static images and 81% on video sequences, effectively compromising a standard YOLO detector. Conversely, the defensive YOLO-TLD system showed significant resilience, raising detection accuracy on the COCO dataset under adversarial conditions from 85% to 90.5%. However, this defense was not absolute; when subjected to the most sophisticated GANN attacks, the performance of even the fortified YOLOTLD experienced a dramatic decline, with accuracy in certain scenarios plummeting from 92% to less than 5%. These findings highlight the severe and practical threat of GAN-based attacks while validating the value of integrated tracking and learning for defense. The study concludes that a fundamental shift towards adversarial training and hybrid, tamper resistant architectures is imperative. The contributions of this work provide a critical i methodological framework and benchmark for developing next-generation surveillance systems capable of withstanding evolving adversarial threats.