Imperceptible CMOS camera dazzle for adversarial attacks on deep neural networks
Zvi Stein, Adrian Stern
TL;DR
This paper introduces an invisible optical adversarial attack using a light source to deceive CMOS cameras and fool deep neural networks without being perceptible to humans.
Contribution
It proposes a novel physical-world attack method that uses light to invisibly jam camera sensors and deceive neural networks, expanding adversarial attack techniques beyond digital domains.
Findings
The attack remains invisible under specific photopic conditions.
It effectively deceives deep neural networks in real-world scenarios.
The method demonstrates a new physical attack vector on vision systems.
Abstract
Despite the outstanding performance of deep neural networks, they are vulnerable to adversarial attacks. While there are many invisible attacks in the digital domain, most physical world adversarial attacks are visible. Here we present an invisible optical adversarial attack that uses a light source to dazzle a CMOS camera with a rolling shutter. We present the photopic conditions required to keep the attacking light source completely invisible while sufficiently jamming the captured image so that a deep neural network applied to it is deceived.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Integrated Circuits and Semiconductor Failure Analysis · Advanced Optical Sensing Technologies