Keywords: AdvIC; Bezier curves; Deep neural network; Particle swarm optimization; Physical sample generation

Source: DOI:10.1016/j.neunet.2024.106459

Abstract:
Deep neural network security is a persistent concern, with considerable research on visible light physical attacks but limited exploration in the infrared domain. Existing approaches, like white-box infrared attacks using bulb boards and QR suits, lack realism and stealthiness. Meanwhile, black-box methods with cold and hot patches often struggle to ensure robustness. To bridge these gaps, we propose Adversarial Infrared Curves (AdvIC). Using Particle Swarm Optimization, we optimize two Bezier curves and employ cold patches in the physical realm to introduce perturbations, creating infrared curve patterns for physical sample generation. Our extensive experiments confirm AdvIC's effectiveness, achieving 94.8% and 67.2% attack success rates for digital and physical attacks, respectively. Stealthiness is demonstrated through a comparative analysis, and robustness assessments reveal AdvIC's superiority over baseline methods. When deployed against diverse advanced detectors, AdvIC achieves an average attack success rate of 76.2%, emphasizing its robust nature. We conduct thorough experimental analyses, including ablation experiments, transfer attacks, adversarial defense investigations, etc. Given AdvIC's substantial security implications for real-world vision-based applications, urgent attention and mitigation efforts are warranted.