Most existing deep neural networks (DNNs) are easily disturbed by slight noise. However, there are few researches on physical attacks by deploying lighting equipment. The light-based physical attacks has excellent covertness, which brings great security risks to many vision-based applications (such as self-driving). Therefore, we propose a light-based physical attack, called adversarial laser spot (AdvLS), which optimizes the physical parameters of laser spots through genetic algorithm to perform physical attacks. It realizes robust and covert physical attack by using low-cost laser equipment. As far as we know, AdvLS is the first light-based physical attack that perform physical attacks in the daytime. A large number of experiments in the digital and physical environments show that AdvLS has excellent robustness and covertness. In addition, through in-depth analysis of the experimental data, we find that the adversarial perturbations generated by AdvLS have superior adversarial attack migration. The experimental results show that AdvLS impose serious interference to advanced DNNs, we call for the attention of the proposed AdvLS. The code of AdvLS is available at: https://github.com/ChengYinHu/AdvLS

翻译：现有大部分深度神经网络（DNN）易受微小噪声干扰，但针对部署照明设备的物理攻击研究鲜有涉及。基于光的物理攻击具有极佳隐蔽性，这对基于视觉的应用（如自动驾驶）带来了重大安全隐患。为此，我们提出一种基于光的物理攻击方法——对抗激光点（Adversarial Laser Spot, AdvLS），通过遗传算法优化激光点的物理参数以实现物理攻击。该方法利用低成本激光设备实现鲁棒且隐蔽的物理攻击。据我们所知，AdvLS是首个能在白天实施物理攻击的基于光的攻击方法。数字环境与物理环境中的大量实验表明，AdvLS具有优异的鲁棒性与隐蔽性。此外，通过深入分析实验数据，我们发现AdvLS产生的对抗扰动具备卓越的对抗攻击迁移性。实验结果显示AdvLS对先进DNN造成了严重干扰，我们呼吁关注所提出的AdvLS。AdvLS代码开源地址：https://github.com/ChengYinHu/AdvLS