Distillation-Enhanced Physical Adversarial Attacks
This work addresses the trade-off between stealth and attack effectiveness for physical adversarial patches used against AI-based recognition systems, offering an incremental improvement in adversarial attack techniques.
The paper tackles the challenge of balancing stealth and attack performance in physical adversarial patches by proposing a method that uses knowledge distillation to transfer attack knowledge from an unconstrained 'teacher' patch to a stealthy 'student' patch, resulting in a 20% improvement in attack performance while maintaining stealth.
The study of physical adversarial patches is crucial for identifying vulnerabilities in AI-based recognition systems and developing more robust deep learning models. While recent research has focused on improving patch stealthiness for greater practical applicability, achieving an effective balance between stealth and attack performance remains a significant challenge. To address this issue, we propose a novel physical adversarial attack method that leverages knowledge distillation. Specifically, we first define a stealthy color space tailored to the target environment to ensure smooth blending. Then, we optimize an adversarial patch in an unconstrained color space, which serves as the 'teacher' patch. Finally, we use an adversarial knowledge distillation module to transfer the teacher patch's knowledge to the 'student' patch, guiding the optimization of the stealthy patch. Experimental results show that our approach improves attack performance by 20%, while maintaining stealth, highlighting its practical value.