A Single Set of Adversarial Clothes Breaks Multiple Defense Methods in the Physical World

TL;DR

This paper demonstrates that a single set of adversarial clothes can effectively bypass multiple defense methods for object detection in both digital and physical settings, exposing a significant vulnerability.

Contribution

It introduces a novel adversarial clothing attack that defeats various defense strategies, highlighting the limitations of current defenses against large, natural-looking adversarial patches.

Findings

All defense methods performed poorly against adversarial clothes.

A single set of clothes achieved over 96% attack success rate in digital tests.

The attack maintained over 64% success rate in physical world conditions.

Abstract

In recent years, adversarial attacks against deep learning-based object detectors in the physical world have attracted much attention. To defend against these attacks, researchers have proposed various defense methods against adversarial patches, a typical form of physically-realizable attack. However, our experiments showed that simply enlarging the patch size could make these defense methods fail. Motivated by this, we evaluated various defense methods against adversarial clothes which have large coverage over the human body. Adversarial clothes provide a good test case for adversarial defense against patch-based attacks because they not only have large sizes but also look more natural than a large patch on humans. Experiments show that all the defense methods had poor performance against adversarial clothes in both the digital world and the physical world. In addition, we crafted a single set of clothes that broke multiple defense methods on Faster R-CNN. The set achieved an Attack Success Rate (ASR) of 96.06% against the undefended detector and over 64.84% ASRs against nine defended models in the physical world, unveiling the common vulnerability of existing adversarial defense methods against adversarial clothes. Code is available at: https://github.com/weiz0823/adv-clothes-break-multiple-defenses.