Moir\'e Attack (MA): A New Potential Risk of Screen Photos

TL;DR

This paper introduces the Moiré Attack, a novel physical-world attack leveraging moiré patterns caused by digital screen photography to stealthily tamper with deep neural networks, demonstrating high success and transferability rates.

Contribution

The paper presents the first physical-world moiré pattern attack method that effectively fools DNNs with high success, transferability, and stealthiness, highlighting a new security threat.

Findings

100% success rate for untargeted attack

97% success rate for targeted attack

High transferability and robustness across models

Abstract

Images, captured by a camera, play a critical role in training Deep Neural Networks (DNNs). Usually, we assume the images acquired by cameras are consistent with the ones perceived by human eyes. However, due to the different physical mechanisms between human-vision and computer-vision systems, the final perceived images could be very different in some cases, for example shooting on digital monitors. In this paper, we find a special phenomenon in digital image processing, the moir\'e effect, that could cause unnoticed security threats to DNNs. Based on it, we propose a Moir\'e Attack (MA) that generates the physical-world moir\'e pattern adding to the images by mimicking the shooting process of digital devices. Extensive experiments demonstrate that our proposed digital Moir\'e Attack (MA) is a perfect camouflage for attackers to tamper with DNNs with a high success rate ($100.0\%$ for untargeted and $97.0\%$ for targeted attack with the noise budget $\epsilon=4$), high transferability rate across different models, and high robustness under various defenses. Furthermore, MA owns great stealthiness because the moir\'e effect is unavoidable due to the camera's inner physical structure, which therefore hardly attracts the awareness of humans. Our code is available at https://github.com/Dantong88/Moire_Attack.