Adversarial attacks can mislead deep learning models to make false predictions by implanting small perturbations to the original input that are imperceptible to the human eye, which poses a huge security threat to the computer vision systems based on deep learning. Physical adversarial attacks, which is more realistic, as the perturbation is introduced to the input before it is being captured and converted to a binary image inside the vision system, when compared to digital adversarial attacks. In this paper, we focus on physical adversarial attacks and further classify them into invasive and non-invasive. Optical-based physical adversarial attack techniques (e.g. using light irradiation) belong to the non-invasive category. As the perturbations can be easily ignored by humans as the perturbations are very similar to the effects generated by a natural environment in the real world. They are highly invisibility and executable and can pose a significant or even lethal threats to real systems. This paper focuses on optical-based physical adversarial attack techniques for computer vision systems, with emphasis on the introduction and discussion of optical-based physical adversarial attack techniques.

翻译：对抗攻击通过向原始输入中注入人类肉眼难以察觉的微小扰动，可误导深度学习模型做出错误预测，这对基于深度学习的计算机视觉系统构成巨大安全威胁。相较于数字对抗攻击，物理对抗攻击更为实际——其扰动在输入被视觉系统捕获并转换为二进制图像之前即被引入输入中。本文聚焦物理对抗攻击，并进一步将其分为侵入式与非侵入式两类。基于光学的物理对抗攻击技术（如利用光照射）属于非侵入式类别。由于此类扰动与真实世界中自然环境产生的效果极为相似，极易被人类忽视。它们具有高度隐蔽性和可执行性，可能对真实系统构成重大甚至致命威胁。本文重点针对计算机视觉系统的光学物理对抗攻击技术，着重介绍与讨论基于光学的物理对抗攻击方法。