CapGen:An Environment-Adaptive Generator of Adversarial Patches

TL;DR

This paper introduces CAPGen, an environment-adaptive adversarial patch generator that blends seamlessly with backgrounds for stealth while maintaining attack effectiveness, emphasizing the roles of patterns and colors.

Contribution

The work presents the first comprehensive analysis of patterns and colors in adversarial patches and proposes a rapid, environment-adaptive generation strategy.

Findings

Patterns have a greater impact on attack performance than colors.

Aligning patch colors with the environment improves visual stealthiness.

The proposed method maintains adversarial robustness while enhancing stealth.

Abstract

Adversarial patches, often used to provide physical stealth protection for critical assets and assess perception algorithm robustness, usually neglect the need for visual harmony with the background environment, making them easily noticeable. Moreover, existing methods primarily concentrate on improving attack performance, disregarding the intricate dynamics of adversarial patch elements. In this work, we introduce the Camouflaged Adversarial Pattern Generator (CAPGen), a novel approach that leverages specific base colors from the surrounding environment to produce patches that seamlessly blend with their background for superior visual stealthiness while maintaining robust adversarial performance. We delve into the influence of both patterns (i.e., color-agnostic texture information) and colors on the effectiveness of attacks facilitated by patches, discovering that patterns exert a more pronounced effect on performance than colors. Based on these findings, we propose a rapid generation strategy for adversarial patches. This involves updating the colors of high-performance adversarial patches to align with those of the new environment, ensuring visual stealthiness without compromising adversarial impact. This paper is the first to comprehensively examine the roles played by patterns and colors in the context of adversarial patches.