SPAA: Stealthy Projector-based Adversarial Attacks on Deep Image Classifiers

12/10/2020
by   Bingyao Huang, et al.
7

Light-based adversarial attacks aim to fool deep learning-based image classifiers by altering the physical light condition using a controllable light source, e.g., a projector. Compared with physical attacks that place carefully designed stickers or printed adversarial objects, projector-based ones obviate modifying the physical entities. Moreover, projector-based attacks can be performed transiently and dynamically by altering the projection pattern. However, existing approaches focus on projecting adversarial patterns that result in clearly perceptible camera-captured perturbations, while the more interesting yet challenging goal, stealthy projector-based attack, remains an open problem. In this paper, for the first time, we formulate this problem as an end-to-end differentiable process and propose Stealthy Projector-based Adversarial Attack (SPAA). In SPAA, we approximate the real project-and-capture operation using a deep neural network named PCNet, then we include PCNet in the optimization of projector-based attacks such that the generated adversarial projection is physically plausible. Finally, to generate robust and stealthy adversarial projections, we propose an optimization algorithm that uses minimum perturbation and adversarial confidence thresholds to alternate between the adversarial loss and stealthiness loss optimization. Our experimental evaluations show that the proposed SPAA clearly outperforms other methods by achieving higher attack success rates and meanwhile being stealthier.

READ FULL TEXT

page 1

page 3

page 7

page 8

research
09/19/2022

Adversarial Color Projection: A Projector-Based Physical Attack to DNNs

Recent advances have shown that deep neural networks (DNNs) are suscepti...
research
10/16/2018

Projecting Trouble: Light Based Adversarial Attacks on Deep Learning Classifiers

This work demonstrates a physical attack on a deep learning image classi...
research
12/22/2020

Modeling Deep Learning Based Privacy Attacks on Physical Mail

Mail privacy protection aims to prevent unauthorized access to hidden co...
research
02/07/2021

Adversarial Imaging Pipelines

Adversarial attacks play an essential role in understanding deep neural ...
research
06/18/2021

Light Lies: Optical Adversarial Attack

A significant amount of work has been done on adversarial attacks that i...
research
05/03/2021

Physical world assistive signals for deep neural network classifiers – neither defense nor attack

Deep Neural Networks lead the state of the art of computer vision tasks....
research
03/31/2023

Fooling Polarization-based Vision using Locally Controllable Polarizing Projection

Polarization is a fundamental property of light that encodes abundant in...

Please sign up or login with your details

Forgot password? Click here to reset