This work addresses a novel latency attack targeting real-time object detection on edge devices—where adversaries exploit post-processing modules to induce computational bottlenecks and cascading failures, thereby compromising safety-critical downstream tasks such as autonomous driving. To counter this threat, we propose a hardware-aware background-attention adversarial training paradigm. Our approach uniquely couples hardware resource constraints (e.g., Jetson GPU compute capacity) with object confidence loss, integrating system-level hardware-software co-analysis, objectness-guided adversarial training, and a background attention mechanism to jointly optimize clean and robust accuracy. Experiments on the Jetson Orin NX platform demonstrate that, under attack, frame rate recovers from 13 FPS to 43 FPS—achieving substantial real-time performance improvement while maintaining high detection accuracy.

Object detection is a fundamental enabler for many real-time downstream applications such as autonomous driving, augmented reality and supply chain management. However, the algorithmic backbone of neural networks is brittle to imperceptible perturbations in the system inputs, which were generally known as misclassifying attacks. By targeting the real-time processing capability, a new class of latency attacks are reported recently. They exploit new attack surfaces in object detectors by creating a computational bottleneck in the post-processing module, that leads to cascading failure and puts the real-time downstream tasks at risks. In this work, we take an initial attempt to defend against this attack via background-attentive adversarial training that is also cognizant of the underlying hardware capabilities. We first draw system-level connections between latency attack and hardware capacity across heterogeneous GPU devices. Based on the particular adversarial behaviors, we utilize objectness loss as a proxy and build background attention into the adversarial training pipeline, and achieve a reasonable balance between clean and robust accuracy. The extensive experiments demonstrate the defense effectiveness of restoring real-time processing capability from $13$ FPS to $43$ FPS on Jetson Orin NX, with a better trade-off between the clean and robust accuracy.