Although deep neural networks (DNNs) are known to be fragile, the effect of zooming in and out on images of the physical world on DNN performance has not been studied. In this paper we present a novel physical adversarial attack, Adversarial Zoom Lens (AdvZL), which uses a zoom lens to zoom in and out on scenes in the physical world and fools DNNs without altering the characteristics of the target object. To date, the proposed method is the only adversarial attack that fools DNNs without adding any physical adversarial perturbation. In the digital environment, we construct a data set based on AdvZL to verify the adversarial effect of equal-scale enlarged images on DNNs. In the physical environment, we operate the zoom lens to zoom in and out on the target object and generate adversarial samples. Experimental results demonstrate the effectiveness of AdvZL in both the digital and the physical environment. We further analyze the adversarial effect of the proposed data set on improved DNNs, and we provide a guideline for defending against AdvZL by means of adversarial training. Finally, we discuss the threat the proposed approach poses to future autonomous driving and outline variant attacks that follow the same idea.
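The digital variant described above (equal-scale enlargement of an image, then a search for the zoom level at which a classifier's label flips) can be illustrated with the following added example. It is not the paper's code or data set: the zoom emulation (centre crop plus bilinear resize for zoom-in, shrink plus border padding for zoom-out), the toy scale-sensitive classifier standing in for a DNN, and the 8x8 sample image are all assumptions made here to keep the example self-contained.

```python
"""Digital emulation of the AdvZL zoom attack.

Added example illustrating the idea in the abstract; not the paper's code.
Assumptions (not from the paper): zoom-in is emulated by cropping the central
1/z of the image and bilinearly resizing it back to the original frame size,
zoom-out by shrinking the image and padding the border; the victim is any
callable mapping an image to a label.
"""
import math
from typing import Callable, List, Optional, Sequence

Image = List[List[float]]  # grayscale, row-major, pixel values in [0, 1]


def zoom(img: Image, z: float, fill: float = 0.0) -> Image:
    """Zoom `img` by factor z about its centre, keeping the frame size.

    z > 1 zooms in (the central 1/z of the scene fills the frame);
    z < 1 zooms out (the whole scene shrinks, border filled with `fill`);
    z == 1 is the identity. Only the apparent scale changes; nothing is
    added to the scene, which is the point of the attack.
    """
    h, w = len(img), len(img[0])

    def px(y: int, x: int) -> float:
        return img[y][x] if 0 <= y < h and 0 <= x < w else fill

    out: Image = []
    for oy in range(h):
        row = []
        for ox in range(w):
            # Map the output pixel centre back to source coordinates.
            sy = (oy + 0.5 - h / 2) / z + h / 2 - 0.5
            sx = (ox + 0.5 - w / 2) / z + w / 2 - 0.5
            y0, x0 = math.floor(sy), math.floor(sx)
            fy, fx = sy - y0, sx - x0
            top = px(y0, x0) * (1 - fx) + px(y0, x0 + 1) * fx
            bot = px(y0 + 1, x0) * (1 - fx) + px(y0 + 1, x0 + 1) * fx
            row.append(top * (1 - fy) + bot * fy)
        out.append(row)
    return out


def find_adversarial_zoom(img: Image, classify: Callable[[Image], str],
                          true_label: str,
                          zooms: Sequence[float]) -> Optional[float]:
    """Return the first zoom factor in `zooms` whose output is misclassified,
    or None if the classifier is stable across all of them."""
    for z in zooms:
        if classify(zoom(img, z)) != true_label:
            return z
    return None


# --- toy victim and sample input (constructed, not from the paper) --------

def bright_fraction(img: Image) -> float:
    """Fraction of pixels brighter than 0.5."""
    n = sum(len(r) for r in img)
    return sum(1 for r in img for v in r if v > 0.5) / n


def scale_sensitive_classifier(img: Image) -> str:
    """Stand-in for a DNN whose decision depends on apparent object size:
    it only recognises the object when it occupies 10..50 % of the frame."""
    return "object" if 0.1 <= bright_fraction(img) <= 0.5 else "unknown"


def sample_image(size: int = 8, obj: int = 4) -> Image:
    """size x size black frame with a centred obj x obj white square."""
    lo, hi = (size - obj) // 2, (size + obj) // 2
    return [[1.0 if lo <= y < hi and lo <= x < hi else 0.0
             for x in range(size)] for y in range(size)]


if __name__ == "__main__":
    img = sample_image()
    clf = scale_sensitive_classifier
    print("original:", clf(img))
    print("zoom-in attack at z =",
          find_adversarial_zoom(img, clf, "object", [1.0, 1.2, 1.5, 2.0]))
    print("zoom-out attack at z =",
          find_adversarial_zoom(img, clf, "object", [1.0, 0.8, 0.5]))
```

The search is a plain sweep over zoom factors because, unlike perturbation attacks, AdvZL has a one-dimensional attack surface: the only knob is how far to zoom. Replacing `scale_sensitive_classifier` with a real model's predict function and `sample_image` with a loaded photo gives the digital data-set construction the abstract describes; the adversarial-training defense it mentions corresponds to adding the zoomed images back into the training set with their true labels.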