Jacks of All Trades, Masters Of None: Addressing Distributional Shift and Obtrusiveness via Transparent Patch Attacks

by   Neil Fendley, et al.

We focus on the development of effective adversarial patch attacks and – for the first time – jointly address the antagonistic objectives of attack success and obtrusiveness via the design of novel semi-transparent patches. This work is motivated by our pursuit of a systematic performance analysis of patch attack robustness with regard to geometric transformations. Specifically, we first elucidate a) key factors underpinning patch attack success and b) the impact of distributional shift between training and testing/deployment when cast under the Expectation over Transformation (EoT) formalism. By focusing our analysis on three principal classes of transformations (rotation, scale, and location), our findings provide quantifiable insights into the design of effective patch attacks and demonstrate that scale, among all factors, significantly impacts patch attack success. Working from these findings, we then focus on addressing how to overcome the principal limitations of scale for the deployment of attacks in real physical settings: namely the obtrusiveness of large patches. Our strategy is to turn to the novel design of irregularly-shaped, semi-transparent partial patches which we construct via a new optimization process that jointly addresses the antagonistic goals of mitigating obtrusiveness and maximizing effectiveness. Our study – we hope – will help encourage more focus in the community on the issues of obtrusiveness, scale, and success in patch attacks.


page 1

page 7


Patch Attack Invariance: How Sensitive are Patch Attacks to 3D Pose?

Perturbation-based attacks, while not physically realizable, have been t...

Brightness-Restricted Adversarial Attack Patch

Adversarial attack patches have gained increasing attention due to their...

Distributional Modeling for Location-Aware Adversarial Patches

Adversarial patch is one of the important forms of performing adversaria...

Defending Backdoor Attacks on Vision Transformer via Patch Processing

Vision Transformers (ViTs) have a radically different architecture with ...

Rethinking the Trigger of Backdoor Attack

In this work, we study the problem of backdoor attacks, which add a spec...

Why, How and Where of Delays in Software Security Patch Management: An Empirical Investigation in the Healthcare Sector

Numerous security attacks that resulted in devastating consequences can ...

DAP: A Dynamic Adversarial Patch for Evading Person Detectors

In this paper, we present a novel approach for generating naturalistic a...

Please sign up or login with your details

Forgot password? Click here to reset