Cutting-edge works have demonstrated that text-to-image (T2I) diffusion models can generate adversarial patches that mislead state-of-the-art object detectors in the physical world, revealing detectors' vulnerabilities and risks. However, these methods neglect the T2I patches' attack effectiveness when observed from different views in the physical world (i.e., angle robustness of the T2I adversarial patches). In this paper, we study the angle robustness of T2I adversarial patches comprehensively, revealing their angle-robust issues, demonstrating that texts affect the angle robustness of generated patches significantly, and task-specific linguistic instructions fail to enhance the angle robustness. Motivated by the studies, we introduce Angle-Robust Concept Learning (AngleRoCL), a simple and flexible approach that learns a generalizable concept (i.e., text embeddings in implementation) representing the capability of generating angle-robust patches. The learned concept can be incorporated into textual prompts and guides T2I models to generate patches with their attack effectiveness inherently resistant to viewpoint variations. Through extensive simulation and physical-world experiments on five SOTA detectors across multiple views, we demonstrate that AngleRoCL significantly enhances the angle robustness of T2I adversarial patches compared to baseline methods. Our patches maintain high attack success rates even under challenging viewing conditions, with over 50% average relative improvement in attack effectiveness across multiple angles. This research advances the understanding of physically angle-robust patches and provides insights into the relationship between textual concepts and physical properties in T2I-generated contents. We released our code at https://github.com/tsingqguo/anglerocl.

翻译：前沿研究表明，文本到图像（T2I）扩散模型能够生成在物理世界中误导先进目标检测器的对抗补丁，揭示了检测器的脆弱性与潜在风险。然而，现有方法忽略了T2I补丁在物理世界中从不同视角观察时的攻击有效性（即T2I对抗补丁的角度鲁棒性）。本文系统研究了T2I对抗补丁的角度鲁棒性，揭示了其存在的角度鲁棒性问题，证明了文本描述对生成补丁的角度鲁棒性具有显著影响，且任务特定的语言指令无法有效提升角度鲁棒性。基于这些发现，我们提出了角度鲁棒概念学习（AngleRoCL），这是一种简洁灵活的方法，通过学习一个可泛化的概念（在实现中体现为文本嵌入）来表征生成角度鲁棒补丁的能力。习得的概念可融入文本提示词，引导T2I模型生成其攻击效果对视角变化具有内在抵抗力的补丁。通过在多个视角下对五种先进检测器进行大量仿真与物理世界实验，我们证明AngleRoCL相较于基线方法显著提升了T2I对抗补丁的角度鲁棒性。即使在具有挑战性的观测条件下，我们的补丁仍能保持较高的攻击成功率，在多个角度上的攻击效果平均相对提升超过50%。本研究推进了对物理角度鲁棒补丁的理解，并为T2I生成内容中文本概念与物理属性之间的关联提供了新的见解。代码已发布于 https://github.com/tsingqguo/anglerocl。