Adversarial Patch
This work addresses security vulnerabilities in image classification systems that pose a significant threat to applications like autonomous vehicles and surveillance. It is not incremental, as it introduces a novel attack method.
The paper tackles the problem of creating adversarial patches that can fool image classifiers in real-world scenarios, achieving targeted misclassification with small, printable patches that remain effective under various transformations.
We present a method to create universal, robust, targeted adversarial image patches in the real world. The patches are universal because they can be used to attack any scene, robust because they work under a wide variety of transformations, and targeted because they can cause a classifier to output any target class. These adversarial patches can be printed, added to any scene, photographed, and presented to image classifiers; even when the patches are small, they cause the classifiers to ignore the other items in the scene and report a chosen target class. To reproduce the results from the paper, our code is available at https://github.com/tensorflow/cleverhans/tree/master/examples/adversarial_patch