Adversarial Patch
Tom B. Brown, Dandelion Mané, Aurko Roy, Martín Abadi, Justin Gilmer

TL;DR
This paper introduces a method for creating universal, robust, targeted adversarial patches that can be physically printed and used to fool image classifiers into misclassifying scenes with a specific target label.
Contribution
The paper presents a novel approach for generating physical adversarial patches that are universal, robust to transformations, and targeted, advancing the field of adversarial attacks.
Findings
Adversarial patches can be printed and physically applied to scenes.
Patches reliably cause classifiers to output target classes.
The method works under various real-world transformations.
Abstract
We present a method to create universal, robust, targeted adversarial image patches in the real world. The patches are universal because they can be used to attack any scene, robust because they work under a wide variety of transformations, and targeted because they can cause a classifier to output any target class. These adversarial patches can be printed, added to any scene, photographed, and presented to image classifiers; even when the patches are small, they cause the classifiers to ignore the other items in the scene and report a chosen target class. To reproduce the results from the paper, our code is available at https://github.com/tensorflow/cleverhans/tree/master/examples/adversarial_patch
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Digital Media Forensic Detection
