Deep neural networks (DNNs) have demonstrated exceptional success across various tasks, underscoring the need to evaluate the robustness of advanced DNNs. However, traditional methods using stickers as physical perturbations to deceive classifiers present challenges in achieving stealthiness and suffer from printing loss. Recent advancements in physical attacks have utilized light beams such as lasers and projectors to perform attacks, where the optical patterns generated are artificial rather than natural. In this study, we introduce a novel physical attack, adversarial catoptric light (AdvCL), where adversarial perturbations are generated using a common natural phenomenon, catoptric light, to achieve stealthy and naturalistic adversarial attacks against advanced DNNs in a black-box setting. We evaluate the proposed method in three aspects: effectiveness, stealthiness, and robustness. Quantitative results obtained in simulated environments demonstrate the effectiveness of the proposed method, and in physical scenarios, we achieve an attack success rate of 83.5%, surpassing the baseline. We use common catoptric light as a perturbation to enhance the stealthiness of the method and make physical samples appear more natural. Robustness is validated by successfully attacking advanced and robust DNNs with a success rate over 80% in all cases. Additionally, we discuss defense strategy against AdvCL and put forward some light-based physical attacks.

翻译：深度神经网络（DNN）已在各类任务中展现出卓越的成功，凸显了评估先进DNN鲁棒性的必要性。然而，传统使用贴纸作为物理扰动来欺骗分类器的方法在实现隐蔽性方面存在挑战，并且面临打印损失问题。近期物理攻击的进展利用激光和投影仪等光束进行攻击，其中生成的光学模式是人工而非自然的。在本研究中，我们提出一种新型物理攻击——对抗性反光（AdvCL），利用常见自然现象“反光”生成对抗性扰动，在黑盒设置下对先进DNN实现隐蔽且自然的对抗性攻击。我们从有效性、隐蔽性和鲁棒性三个方面评估所提方法。在模拟环境中获得的定量结果证明了该方法的有效性，在物理场景下我们实现了83.5%的攻击成功率，超越了基线。我们使用常见反光作为扰动来增强方法的隐蔽性，使物理样本显得更加自然。鲁棒性通过成功攻击先进且鲁棒的DNN得到验证，所有情况下成功率均超过80%。此外，我们讨论了针对AdvCL的防御策略，并提出了一些基于光的物理攻击。