Abstract
Patch-based adversarial attacks were proven to compromise the robustness and reliability of computer vision systems. However, their conspicuous and easily detectable nature challenge their practicality in real-world setting. To address this, recent work has proposed using Generative Adversarial Networks (GANs) to generate naturalistic patches that may not attract human attention. However, such approaches suffer from a limited latent space making it challenging to produce a patch that is efficient, stealthy, and robust to multiple real-world transformations. This paper introduces a novel approach that produces a Dynamic Adversarial Patch (DAP) designed to overcome these limitations. DAP maintains a naturalistic appearance while optimizing attack efficiency and robustness to real-world transformations. The approach involves redefining the optimization problem and introducing a novel objective function that incorporates a similarity metric to guide the patch's creation. Unlike GAN-based techniques, the DAP directly modifies pixel values within the patch, providing increased flexibility and adaptability to multiple transformations. Furthermore, most clothing-based physical attacks assume static objects and ignore the possible transformations caused by non-rigid deformation due to changes in a person's pose. To address this limitation, a ‘Creases Transformation’ (CT) block is introduced, enhancing the patch's resilience to a variety of real-world distortions. Experimental results demonstrate that the proposed approach outperforms state-of-the-art attacks, achieving a success rate of up to 82.28% in the digital world when targeting the YOLOv7 detector and 65% in the physical world when targeting YOLOv3tiny detector deployed in edge-based smart cameras.
Original language | English |
---|---|
Title of host publication | 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR): proceedings |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 24595-24604 |
Number of pages | 10 |
ISBN (Electronic) | 9798350353006 |
ISBN (Print) | 9798350353013 |
DOIs | |
Publication status | Published - 16 Sept 2024 |
Event | IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2024 - Seattle, United States Duration: 17 Jun 2024 → 21 Jun 2024 Conference number: 37 |
Publication series
Name | IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR): Proceedings |
---|---|
ISSN (Print) | 1063-6919 |
ISSN (Electronic) | 2575-7075 |
Conference
Conference | IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2024 |
---|---|
Abbreviated title | CVPR 2024 |
Country/Territory | United States |
City | Seattle |
Period | 17/06/2024 → 21/06/2024 |
Publications and Copyright Policy
This work is licensed under Queen’s Research Publications and Copyright Policy.Keywords
- dynamic adversarial patch
- evading person detectors
- computer vision systems