In the physical world, deep neural networks (DNNs) are impacted by light and shadow, which can have a significant effect on their performance. While stickers have traditionally been used as perturbations in most physical attacks, their perturbations can often be easily detected. To address this, some studies have explored the use of light-based perturbations, such as lasers or projectors, to generate more subtle perturbations, which are artificial rather than natural. In this study, we introduce a novel light-based attack called the adversarial neon beam (AdvNB), which utilizes common neon beams to create a natural black-box physical attack. Our approach is evaluated on three key criteria: effectiveness, stealthiness, and robustness. Quantitative results obtained in simulated environments demonstrate the effectiveness of the proposed method, and in physical scenarios, we achieve an attack success rate of 81.82%, surpassing the baseline. By using common neon beams as perturbations, we enhance the stealthiness of the proposed attack, enabling physical samples to appear more natural. Moreover, we validate the robustness of our approach by successfully attacking advanced DNNs with a success rate of over 75% in all cases. We also discuss defense strategies against the AdvNB attack and put forward other light-based physical attacks.

翻译：在物理世界中，深度神经网络（DNN）受光照和阴影的影响，这对其性能可能产生显著作用。虽然传统物理攻击大多采用贴纸作为扰动，但这些扰动往往容易被察觉。为解决这一问题，部分研究已探索使用激光或投影仪等光基扰动来生成更隐蔽的、人工而非自然的扰动。在本研究中，我们提出一种名为“对抗性霓虹光束”（AdvNB）的新型光基攻击方法，该方法利用常见的霓虹光束构建一种自然的黑盒物理攻击。我们的方法从有效性、隐蔽性和鲁棒性三个关键标准进行评估。模拟环境中的定量结果表明了所提方法的有效性；在物理场景中，我们实现了81.82%的攻击成功率，超越了基线方法。通过使用常见霓虹光束作为扰动，我们增强了所提攻击的隐蔽性，使物理样本显得更加自然。此外，我们验证了该方法的鲁棒性：在所有情况下，对先进DNN的攻击成功率均超过75%。我们还讨论了针对AdvNB攻击的防御策略，并提出了其他光基物理攻击。