UNI-MB - logo
UMNIK - logo
 
E-resources
Full text
Peer reviewed Open access
  • Enhancing real-world advers...
    Mathov, Yael; Rokach, Lior; Elovici, Yuval

    Neurocomputing (Amsterdam), 08/2022, Volume: 499
    Journal Article

    Display omitted •Real-world adversarial patch using 3D modeling techniques.•Using a 3D digital replica of the target scene to improve the patch’s performance.•An evaluation process that enables reproducible experiments in the real world.•Real-world adversarial patches that are robust to unexpected changes in the scene. Adversarial examples have proven to be a concerning threat to deep learning models, particularly in the image domain. While many studies have examined adversarial examples in the real world, most of them relied on 2D photos of the attack scene. As a result, the attacks proposed may have limited effectiveness when implemented in realistic environments with 3D objects or varied conditions. Some studies on adversarial learning have used 3D objects, however in many cases, other researchers are unable to replicate the real-world evaluation process. In this study, we present a framework that uses 3D modeling to craft adversarial patches for an existing real-world scene. Our approach uses a 3D digital approximation of the scene to simulate the real world. With the ability to add and manipulate any element in the digital scene, our framework enables the attacker to improve the adversarial patch’s impact in real-world settings. We use the framework to create a patch for an everyday scene and evaluate its performance using a novel evaluation process that ensures that our results are reproducible in both the digital space and the real world. Our evaluation results show that the framework can generate adversarial patches that are robust to different settings in the real world.