Despite the impressive achievements of Deep Neural Networks (DNNs) in computer vision, their vulnerability to adversarial attacks remains a critical concern. Extensive research has demonstrated that adding carefully crafted perturbations to input images can cause a catastrophic degradation in DNN performance. This phenomenon is not confined to the digital domain; it also occurs in the physical world. Consequently, evaluating the security of DNN-based systems is imperative to ensure their safe deployment in real-world scenarios, particularly in security-sensitive applications. To support a thorough understanding of this topic, this paper presents a comprehensive overview of physical adversarial attacks. First, we distill four general steps for launching a physical adversarial attack. Building on this foundation, we highlight the pervasive role of the artifacts that carry adversarial perturbations into the physical world and influence each of these steps; to denote them, we introduce a new term: the adversarial medium. We then take a first step toward systematically evaluating the performance of physical adversarial attacks, using the adversarial medium as the entry point. Our proposed evaluation metric, hiPAA, comprises six perspectives: Effectiveness, Stealthiness, Robustness, Practicability, Aesthetics, and Economics. We also provide comparative results across task categories, together with observations and suggestions for future research directions.