Extended Spatially Localized Perturbation GAN (eSLP-GAN) for Robust Adversarial Camouflage Patches

• Published in: Sensors (Basel, Switzerland) Vol. 21; no. 16; p. 5323
• Main Authors: Kim, Yongsu, Kang, Hyoeun, Suryanto, Naufal, Larasati, Harashta Tatimma, Mukaroh, Afifatul, Kim, Howon
• Format: Journal Article
• Language: English
• Published: Switzerland MDPI AG 06.08.2021; MDPI
• Subjects: Accuracy; adversarial patch; camouflage; Classification; Computer vision; generative adversarial networks; Humans; Methods; Neural networks; Neural Networks, Computer; Sensors; Unmanned aerial vehicles; generative adversarial networks; adversarial patch; camouflage
• ISSN: 1424-8220; 1424-8220
• DOI: 10.3390/s21165323

Deep neural networks (DNNs), especially those used in computer vision, are highly vulnerable to adversarial attacks, such as adversarial perturbations and adversarial patches. Adversarial patches, often considered more appropriate for a real-world attack, are attached to the target object or its surroundings to deceive the target system. However, most previous research employed adversarial patches that are conspicuous to human vision, making them easy to identify and counter. Previously, the spatially localized perturbation GAN (SLP-GAN) was proposed, in which the perturbation was only added to the most representative area of the input images, creating a spatially localized adversarial camouflage patch that excels in terms of visual fidelity and is, therefore, difficult to detect by human vision. In this study, the use of the method called eSLP-GAN was extended to deceive classifiers and object detection systems. Specifically, the loss function was modified for greater compatibility with an object-detection model attack and to increase robustness in the real world. Furthermore, the applicability of the proposed method was tested on the CARLA simulator for a more authentic real-world attack scenario.