Distillation-Enhanced Physical Adversarial Attacks
Wei Liu, Yonglin Wu, Chaoqun Li, Zhuodong Liu, Huanqian Yan

TL;DR
This paper introduces a novel physical adversarial attack method that uses knowledge distillation to create stealthy patches, balancing attack effectiveness with visual inconspicuousness and demonstrating a 20% performance improvement.
Contribution
The paper proposes a new physical adversarial attack technique leveraging knowledge distillation and a tailored color space to enhance stealth and attack success.
Findings
Attack performance improved by 20%
Stealthiness maintained through a tailored color space
Effective knowledge transfer from teacher to student patches
Abstract
The study of physical adversarial patches is crucial for identifying vulnerabilities in AI-based recognition systems and developing more robust deep learning models. While recent research has focused on improving patch stealthiness for greater practical applicability, achieving an effective balance between stealth and attack performance remains a significant challenge. To address this issue, we propose a novel physical adversarial attack method that leverages knowledge distillation. Specifically, we first define a stealthy color space tailored to the target environment to ensure smooth blending. Then, we optimize an adversarial patch in an unconstrained color space, which serves as the 'teacher' patch. Finally, we use an adversarial knowledge distillation module to transfer the teacher patch's knowledge to the 'student' patch, guiding the optimization of the stealthy patch. Experimental…
Taxonomy
Topics: Physical Unclonable Functions (PUFs) and Hardware Security
Methods: Knowledge Distillation
