
Adversarial camouflage: Hiding physical-world attacks with natural styles

conference contribution
posted on 2024-07-26, 14:54 authored by Ranjie Duan, Xingjun Ma, Yisen Wang, James Bailey, Kai Qin, Yun Yang
Deep neural networks (DNNs) are known to be vulnerable to adversarial examples. Existing works have mostly focused on either digital adversarial examples created via small and imperceptible perturbations, or physical-world adversarial examples created with large and less realistic distortions that are easily identified by human observers. In this paper, we propose a novel approach, called Adversarial Camouflage (AdvCam), to craft and camouflage physical-world adversarial examples into natural styles that appear legitimate to human observers. Specifically, AdvCam transfers large adversarial perturbations into customized styles, which are then "hidden" on-target object or off-target background. Experimental evaluation shows that, in both digital and physical-world scenarios, adversarial examples crafted by AdvCam are well camouflaged and highly stealthy, while remaining effective in fooling state-of-the-art DNN image classifiers. Hence, AdvCam is a flexible approach that can help craft stealthy attacks to evaluate the robustness of DNNs. AdvCam can also be used to protect private information from being detected by deep learning systems.

Funding

A data driven paradigm for service-oriented system engineering

Australian Research Council


History

Available versions

PDF (Accepted manuscript)

ISBN

9781728171685

ISSN

1063-6919

Journal title

Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition 2020

Conference name

IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2020; Virtual,

Location

Online

Start date

2020-06-14

End date

2020-06-19

Volume

00

Pagination

8 pp

Publisher

IEEE

Copyright statement

Copyright © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Language

eng
