Adversarial Color Film: Effective Physical-World Attack to DNNs

TL;DR

This paper introduces Adversarial Color Film, a novel physical-world attack method that manipulates color film parameters to deceive deep neural networks, demonstrating high effectiveness and transferability in digital and physical settings.

Contribution

It presents a simple, efficient camera-based physical attack method called AdvCF, with experimental validation and defense strategies, addressing a gap in physical adversarial attack research.

Findings

AdvCF effectively fools DNNs in digital and physical environments.

Adversarial samples generated by AdvCF transfer well across models.

Adversarial training can defend against AdvCF attacks.

Abstract

It is well known that the performance of deep neural networks (DNNs) is susceptible to subtle interference. So far, camera-based physical adversarial attacks haven't gotten much attention, but it is the vacancy of physical attack. In this paper, we propose a simple and efficient camera-based physical attack called Adversarial Color Film (AdvCF), which manipulates the physical parameters of color film to perform attacks. Carefully designed experiments show the effectiveness of the proposed method in both digital and physical environments. In addition, experimental results show that the adversarial samples generated by AdvCF have excellent performance in attack transferability, which enables AdvCF effective black-box attacks. At the same time, we give the guidance of defense against AdvCF by means of adversarial training. Finally, we look into AdvCF's threat to future vision-based systems and propose some promising mentality for camera-based physical attacks.