Abstract
Deep neural network security is a persistent concern, with considerable research on visible light physical attacks but limited exploration in the infrared domain. Existing approaches, like white-box infrared attacks using bulb boards and QR suits, lack realism and stealthiness. Meanwhile, black-box methods with cold and hot patches often struggle to ensure robustness. To bridge these gaps, we propose Adversarial Infrared Curves (AdvIC). Using Particle Swarm Optimization, we optimize two Bezier curves and employ cold patches in the physical realm to introduce perturbations, creating infrared curve patterns for physical sample generation. Our extensive experiments confirm AdvIC’s effectiveness, achieving 94.8% and 67.2% attack success rates for digital and physical attacks, respectively. Stealthiness is demonstrated through a comparative analysis, and robustness assessments reveal AdvIC’s superiority over baseline methods. When deployed against diverse advanced detectors, AdvIC achieves an average attack success rate of 76.2%, emphasizing its robust nature. We conduct thorough experimental analyses, including ablation experiments, transfer attacks, adversarial defense investigations, etc. Given AdvIC’s substantial security implications for real-world vision-based applications, urgent attention and mitigation efforts are warranted.
Submitted Version (Free)
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have