Adversarial Laser Beam: Effective Physical-World Attack to DNNs in a Blink
This work addresses a security vulnerability in DNNs for applications like autonomous vehicles or surveillance, but it is incremental as it builds on existing adversarial attack research by introducing a new physical method.
The authors tackled the problem of adversarial attacks on deep neural networks using light beams, demonstrating that a laser beam can effectively fool DNNs in real-world scenarios with experiments showing its effectiveness in both digital and physical settings.
Though it is well known that the performance of deep neural networks (DNNs) degrades under certain light conditions, there exists no study on the threats of light beams emitted from some physical source as adversarial attacker on DNNs in a real-world scenario. In this work, we show by simply using a laser beam that DNNs are easily fooled. To this end, we propose a novel attack method called Adversarial Laser Beam ($AdvLB$), which enables manipulation of laser beam's physical parameters to perform adversarial attack. Experiments demonstrate the effectiveness of our proposed approach in both digital- and physical-settings. We further empirically analyze the evaluation results and reveal that the proposed laser beam attack may lead to some interesting prediction errors of the state-of-the-art DNNs. We envisage that the proposed $AdvLB$ method enriches the current family of adversarial attacks and builds the foundation for future robustness studies for light.