Imperceptible CMOS camera dazzle for adversarial attacks on deep neural networks
This addresses the problem of visible physical adversarial attacks for security and robustness in AI systems, offering an incremental improvement by making attacks invisible.
The paper tackles the vulnerability of deep neural networks to adversarial attacks by introducing an invisible optical attack that uses a light source to dazzle a CMOS camera with a rolling shutter, achieving deception while keeping the light source imperceptible.
Despite the outstanding performance of deep neural networks, they are vulnerable to adversarial attacks. While there are many invisible attacks in the digital domain, most physical world adversarial attacks are visible. Here we present an invisible optical adversarial attack that uses a light source to dazzle a CMOS camera with a rolling shutter. We present the photopic conditions required to keep the attacking light source completely invisible while sufficiently jamming the captured image so that a deep neural network applied to it is deceived.