Open AccessPosted Content
Projecting Trouble: Light Based Adversarial Attacks on Deep Learning Classifiers
Nicole Nichols,Robert Jasper +1 more
TL;DR: This work demonstrates a physical attack on a deep learning image classification system using projected light onto a physical scene that can cause misclassification dynamically without altering physical objects in a permanent way.
read more
Abstract: This work demonstrates a physical attack on a deep learning image classification system using projected light onto a physical scene. Prior work is dominated by techniques for creating adversarial examples which directly manipulate the digital input of the classifier. Such an attack is limited to scenarios where the adversary can directly update the inputs to the classifier. This could happen by intercepting and modifying the inputs to an online API such as Clarifai or Cloud Vision. Such limitations have led to a vein of research around physical attacks where objects are constructed to be inherently adversarial or adversarial modifications are added to cause misclassification. Our work differs from other physical attacks in that we can cause misclassification dynamically without altering physical objects in a permanent way.
We construct an experimental setup which includes a light projection source, an object for classification, and a camera to capture the scene. Experiments are conducted against 2D and 3D objects from CIFAR-10. Initial tests show projected light patterns selected via differential evolution could degrade classification from 98% to 22% and 89% to 43% probability for 2D and 3D targets respectively. Subsequent experiments explore sensitivity to physical setup and compare two additional baseline conditions for all 10 CIFAR classes. Some physical targets are more susceptible to perturbation. Simple attacks show near equivalent success, and 6 of the 10 classes were disrupted by light.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Figures
Figure 1: Images demonstrating light based attack on 2D physical presentation 
Figure 4: Experimental setup and figurines for second phase experiments with 3D presentation. 
Figure 2: Images demonstrating light based attack on 3D physical presentation 
Figure 3: Downsampled images demonstrating light based attack on 3D physical representation 
Table 1: Classification statistics for baseline and attacked CIFAR figures.
Citations
•Posted Content
Adversarial Light Projection Attacks on Face Recognition Systems: A Feasibility Study
TL;DR: This work investigates the feasibility of conducting real-time physical attacks on face recognition systems using adversarial light projections and demonstrates the vulnerability of face Recognition systems to light projection attacks in both white-box and black-box attack settings.
58
Adversarial Light Projection Attacks on Face Recognition Systems: A Feasibility Study
Dinh-Luan Nguyen,Sunpreet S. Arora,Yuhang Wu,Hao Yang +3 more
- 24 Mar 2020
TL;DR: In this paper, the authors investigate the feasibility of conducting real-time physical attacks on face recognition systems using adversarial light projections, where a setup comprising a commercially available web camera and a projector is used to conduct the attack.
A Survey on Physical Adversarial Attack in Computer Vision
11 Jan 2023
TL;DR: In this paper , the authors review the development of physical adversarial attacks against DNN-based computer vision tasks (i.e., image recognition and object detection tasks), which can provide beneficial information for developing stronger physical attacks.
Physical-World Optical Adversarial Attacks on 3D Face Recognition
Yanjie Li,Yiquan Li,Xuelong Dai,Songtao Guo,Bin Xiao +4 more
- 01 Jun 2023
TL;DR: Physical-world adversarial attacks on 3D face recognition are challenging due to the requirement of adjacency to the surface and the non-homogeneous nature of skin reflectance. This paper proposes a novel structured-light attack that incorporates 3D reconstruction and skin's reflectance optimization to address these challenges. The method enables adversarial points to be placed in any position and is resilient to random head movements. Experiments show high success rate against point-cloud-based and depth-image-based systems.
16
Physical Adversarial Attacks for Camera-Based Smart Systems: Current Trends, Categorization, Applications, Research Challenges, and Future Outlook
Amira Guesmi,Muhammad Abdullah Hanif,Bassem Ouni,Muhammed Shafique +3 more
TL;DR: A comprehensive survey of the current trends focusing specifically on physical adversarial attacks in computer vision and how each technique strives to ensure the successful manipulation of DNNs while mitigating the risk of detection and withstanding real-world distortions is presented.
References
PointNet: Deep Learning on Point Sets for 3D Classification and Segmentation
R. Qi Charles,Hao Su,Mo Kaichun,Leonidas J. Guibas +3 more
- 21 Jul 2017
TL;DR: This paper designs a novel type of neural network that directly consumes point clouds, which well respects the permutation invariance of points in the input and provides a unified architecture for applications ranging from object classification, part segmentation, to scene semantic parsing.
•Proceedings Article
Intriguing properties of neural networks
Christian Szegedy,Wojciech Zaremba,Ilya Sutskever,Joan Bruna,Dumitru Erhan,Ian Goodfellow,Rob Fergus,Rob Fergus +7 more
- 01 Jan 2014
TL;DR: It is found that there is no distinction between individual highlevel units and random linear combinations of high level units, according to various methods of unit analysis, and it is suggested that it is the space, rather than the individual units, that contains of the semantic information in the high layers of neural networks.
13K
•Proceedings Article
Spatial transformer networks
Max Jaderberg,Karen Simonyan,Andrew Zisserman,Koray Kavukcuoglu +3 more
- 07 Dec 2015
TL;DR: This work introduces a new learnable module, the Spatial Transformer, which explicitly allows the spatial manipulation of data within the network, and can be inserted into existing convolutional architectures, giving neural networks the ability to actively spatially transform feature maps.
Adversarial examples in the physical world
Alexey Kurakin,Ian Goodfellow,Samy Bengio +2 more
- 08 Jul 2016
TL;DR: It is found that a large fraction of adversarial examples are classified incorrectly even when perceived through the camera, which shows that even in physical world scenarios, machine learning systems are vulnerable to adversarialExamples.
5.9K
One Pixel Attack for Fooling Deep Neural Networks
TL;DR: This paper proposes a novel method for generating one-pixel adversarial perturbations based on differential evolution (DE), which requires less adversarial information (a black-box attack) and can fool more types of networks due to the inherent features of DE.
2.6K