Adversarial Attacks against Context-dependent Visual Association in Referring Multi-Object Tracking Systems

Halima Bouzidi; Haoyu Liu; Mohammad Al Faruque

Adversarial Attacks against Context-dependent Visual Association in Referring Multi-Object Tracking Systems

Halima Bouzidi, Haoyu Liu, Mohammad Al Faruque

Published: 29 Sept 2025, Last Modified: 14 Oct 2025NeurIPS 2025 - Reliable ML WorkshopEveryoneRevisionsBibTeXCC BY 4.0

Keywords: Referring Multi-Object Tracking, Language–Vision Understanding, Transformer-based Reasoning, Adversarial Vulnerabilities, Security-aware Perception Systems

TL;DR: We expose adversarial vulnerabilities in RMOT, including weaknesses in referring–matching logic and FIFO memory. Our VEIL framework shows digital and physical attacks disrupt tracking reliability.

Abstract: Language–vision understanding has driven the development of advanced perception systems, most notably the emerging paradigm of Referring Multi-Object Tracking (RMOT). By leveraging natural-language queries, RMOT systems can selectively track objects that satisfy a given semantic description, guided through Transformer-based spatial–temporal reasoning modules. End-to-End (E2E) RMOT models further unify feature extraction, temporal memory, and spatial reasoning within a Transformer backbone, enabling long-range spatial–temporal modeling over fused textual–visual representations. Despite these advances, the reliability and robustness of RMOT remain underexplored. In this paper, we examine the security implications of RMOT systems from a design-logic perspective, identifying adversarial vulnerabilities that compromise both the linguistic-visual referring and track-object matching components. Additionally, we uncover a novel vulnerability in advanced RMOT models employing FIFO-based memory, whereby targeted and consistent attacks on their spatial–temporal reasoning introduce errors that persist within the history buffer over multiple subsequent frames. We present VEIL, a novel adversarial framework designed to disrupt the unified referring–matching mechanisms of RMOT models. We show that carefully crafted digital and physical perturbations can corrupt the tracking logic reliability, inducing track ID switches and terminations. We conduct comprehensive evaluations using the Refer-KITTI dataset to validate the effectiveness of VEIL and demonstrate the urgent need for security-aware RMOT designs for critical large-scale applications.

Submission Number: 209

Loading