Bio-Inspired Adversarial Attack Against Deep Neural Networks
This paper addresses security vulnerabilities in AI systems used in applications such as autonomous vehicles and surveillance, and presents a novel physical attack approach.
The paper tackles the problem of adversarial attacks on deep neural networks by introducing bio-inspired moving physical objects, demonstrating that superimposing patterns on flapping wing robots can cause targeted misclassification and that specific motions can make object detectors blind in videos.
The paper develops a new adversarial attack against deep neural networks (DNNs), based on applying bio-inspired design to moving physical objects. To the best of our knowledge, this is the first work to introduce physical attacks with a moving object. Instead of following the dominant attack strategy in the existing literature, i.e., introducing minor perturbations to a digital input or a stationary physical object, we show two new successful attack strategies in this paper. We show that by superimposing several patterns onto one physical object, a DNN becomes confused and picks one of the patterns to assign a class label. Our experiment with three flapping wing robots demonstrates the possibility of developing an adversarial camouflage to cause a targeted mistake by a DNN. We also show that certain motions can reduce the dependency among consecutive frames in a video and make an object detector "blind", i.e., unable to detect that an object exists in the video. Hence, in a successful physical attack against a DNN, targeted motion against the system should also be considered.