It is well known that the performance of deep neural networks (DNNs) is susceptible to subtle interference. So far, camera-based physical adversarial attacks have received little attention, which leaves a gap in physical attack research. In this paper, we propose a simple and efficient camera-based physical attack called Adversarial Color Film (AdvCF), which manipulates the physical parameters of color film to perform attacks. Carefully designed experiments show the effectiveness of the proposed method in both digital and physical environments. In addition, experimental results show that the adversarial samples generated by AdvCF transfer well across models, which makes AdvCF effective as a black-box attack. We also provide guidance on defending against AdvCF by means of adversarial training. Finally, we examine AdvCF's threat to future vision-based systems and propose some promising ideas for camera-based physical attacks.