Go to DBLP homepageMagShadow: Physical Adversarial Example Attacks via Electromagnetic Injection
Abstract: Physical adversarial examples (AEs) have become an increasing threat to deploying deep neural network (DNN) models in the real world. Popular approaches adopt sticking-based or projecting-based strategies that stick the printed adversarial patches to objects or directly project the AE onto objects. Although effective, these methods require access to target objects and generate visible artifacts, which reduces the attack's stealthiness. In this article, we propose MagShadow, a new attack vector that leverages imperceptible electromagnetic (EM) signals to realize physical AEs. MagShadow utilizes the CCD camera sensor's susceptibility to EM injection attacks and induces fine-grained adversarial perturbations on the camera's captured image by injecting carefully-crafted signals with a low-cost portable device. As MagShadow directly manipulates the image sensor's output with EM signals, the attack requires no access to the target object and can keep stealthy. We study the feasibility of MagShadow in two typical DNN application scenarios (image classification and object detection) and design a framework to implement four different types of attacks, i.e., untargeted, targeted, hiding, and appearing attacks. Extensive real-world experiments on five different cameras are conducted, which demonstrate MagShadow's effectiveness against different popular DNN models (Inception v3, ResNet101, YOLO v3/v4).
External IDs:dblp:journals/tdsc/LiuLBLR25
Loading