AngleRoCL: Angle-Robust Concept Learning for Physically View-Invariant T2I Adversarial Patches

TL;DR

This paper introduces AngleRoCL, a method that enhances the angle robustness of text-to-image adversarial patches, making them effective from multiple viewpoints and improving physical-world attack success rates against object detectors.

Contribution

It proposes a novel concept learning approach that guides T2I models to generate angle-robust adversarial patches, addressing a key vulnerability in physical adversarial attacks.

Findings

Significantly improves attack success rates across multiple viewing angles.

Demonstrates over 50% average relative improvement in attack effectiveness.

Validates effectiveness through extensive simulation and real-world experiments.

Abstract

Cutting-edge works have demonstrated that text-to-image (T2I) diffusion models can generate adversarial patches that mislead state-of-the-art object detectors in the physical world, revealing detectors' vulnerabilities and risks. However, these methods neglect the T2I patches' attack effectiveness when observed from different views in the physical world (i.e., angle robustness of the T2I adversarial patches). In this paper, we study the angle robustness of T2I adversarial patches comprehensively, revealing their angle-robust issues, demonstrating that texts affect the angle robustness of generated patches significantly, and task-specific linguistic instructions fail to enhance the angle robustness. Motivated by the studies, we introduce Angle-Robust Concept Learning (AngleRoCL), a simple and flexible approach that learns a generalizable concept (i.e., text embeddings in implementation) representing the capability of generating angle-robust patches. The learned concept can be incorporated into textual prompts and guides T2I models to generate patches with their attack effectiveness inherently resistant to viewpoint variations. Through extensive simulation and physical-world experiments on five SOTA detectors across multiple views, we demonstrate that AngleRoCL significantly enhances the angle robustness of T2I adversarial patches compared to baseline methods. Our patches maintain high attack success rates even under challenging viewing conditions, with over 50% average relative improvement in attack effectiveness across multiple angles. This research advances the understanding of physically angle-robust patches and provides insights into the relationship between textual concepts and physical properties in T2I-generated contents. We released our code at https://github.com/tsingqguo/anglerocl.