CAPAA: Classifier-Agnostic Projector-Based Adversarial Attack

TL;DR

CAPAA introduces a novel classifier-agnostic adversarial attack method that effectively deceives multiple classifiers across different camera poses by using an attention-based gradient weighting mechanism, enhancing attack success and stealthiness.

Contribution

The paper presents a new classifier-agnostic loss and an attention-based gradient weighting mechanism for projector-based adversarial attacks, improving robustness across multiple classifiers and camera poses.

Findings

CAPAA outperforms existing methods in attack success rate.

It achieves higher stealthiness in adversarial projections.

Effective across varying camera poses and multiple classifiers.

Abstract

Projector-based adversarial attack aims to project carefully designed light patterns (i.e., adversarial projections) onto scenes to deceive deep image classifiers. It has potential applications in privacy protection and the development of more robust classifiers. However, existing approaches primarily focus on individual classifiers and fixed camera poses, often neglecting the complexities of multi-classifier systems and scenarios with varying camera poses. This limitation reduces their effectiveness when introducing new classifiers or camera poses. In this paper, we introduce Classifier-Agnostic Projector-Based Adversarial Attack (CAPAA) to address these issues. First, we develop a novel classifier-agnostic adversarial loss and optimization framework that aggregates adversarial and stealthiness loss gradients from multiple classifiers. Then, we propose an attention-based gradient weighting mechanism that concentrates perturbations on regions of high classification activation, thereby improving the robustness of adversarial projections when applied to scenes with varying camera poses. Our extensive experimental evaluations demonstrate that CAPAA achieves both a higher attack success rate and greater stealthiness compared to existing baselines. Codes are available at: https://github.com/ZhanLiQxQ/CAPAA.