Physical Adversarial Attack meets Computer Vision: A Decade Survey

TL;DR

This survey comprehensively reviews physical adversarial attacks on computer vision systems, introducing a new evaluation metric and analyzing the role of adversarial media in real-world attack scenarios.

Contribution

It systematically summarizes physical adversarial attack methods, introduces the concept of adversarial media, and proposes the hiPAA evaluation metric for assessing attack performance.

Findings

Physical adversarial attacks significantly impact DNN performance in real-world scenarios.

The proposed hiPAA metric offers a multi-faceted evaluation framework.

Adversarial media play a crucial role in the success of physical attacks.

Abstract

Despite the impressive achievements of Deep Neural Networks (DNNs) in computer vision, their vulnerability to adversarial attacks remains a critical concern. Extensive research has demonstrated that incorporating sophisticated perturbations into input images can lead to a catastrophic degradation in DNNs' performance. This perplexing phenomenon not only exists in the digital space but also in the physical world. Consequently, it becomes imperative to evaluate the security of DNNs-based systems to ensure their safe deployment in real-world scenarios, particularly in security-sensitive applications. To facilitate a profound understanding of this topic, this paper presents a comprehensive overview of physical adversarial attacks. Firstly, we distill four general steps for launching physical adversarial attacks. Building upon this foundation, we uncover the pervasive role of artifacts carrying adversarial perturbations in the physical world. These artifacts influence each step. To denote them, we introduce a new term: adversarial medium. Then, we take the first step to systematically evaluate the performance of physical adversarial attacks, taking the adversarial medium as a first attempt. Our proposed evaluation metric, hiPAA, comprises six perspectives: Effectiveness, Stealthiness, Robustness, Practicability, Aesthetics, and Economics. We also provide comparative results across task categories, together with insightful observations and suggestions for future research directions.