Hu Chengyin, Shi Weiwen, Yao Wen, Jiang Tingsong, Tian Ling, Chen Xiaoqian, Li Wen
University of Electronic Science and Technology of China, No. 2006, Xiyuan Avenue, Gaoxin District, Chengdu, 611731, Sichuan, China; Chinese Academy of Military Science, No. 53 East Street, Fengtai District, Beijing, 100071, China.
University of Electronic Science and Technology of China, No. 2006, Xiyuan Avenue, Gaoxin District, Chengdu, 611731, Sichuan, China.
Neural Netw. 2024 Oct;178:106459. doi: 10.1016/j.neunet.2024.106459. Epub 2024 Jun 12.
Deep neural network security is a persistent concern, with considerable research on visible light physical attacks but limited exploration in the infrared domain. Existing approaches, like white-box infrared attacks using bulb boards and QR suits, lack realism and stealthiness. Meanwhile, black-box methods with cold and hot patches often struggle to ensure robustness. To bridge these gaps, we propose Adversarial Infrared Curves (AdvIC). Using Particle Swarm Optimization, we optimize two Bezier curves and employ cold patches in the physical realm to introduce perturbations, creating infrared curve patterns for physical sample generation. Our extensive experiments confirm AdvIC's effectiveness, achieving 94.8% and 67.2% attack success rates for digital and physical attacks, respectively. Stealthiness is demonstrated through a comparative analysis, and robustness assessments reveal AdvIC's superiority over baseline methods. When deployed against diverse advanced detectors, AdvIC achieves an average attack success rate of 76.2%, emphasizing its robust nature. We conduct thorough experimental analyses, including ablation experiments, transfer attacks, adversarial defense investigations, etc. Given AdvIC's substantial security implications for real-world vision-based applications, urgent attention and mitigation efforts are warranted.
