Modern automated surveillance techniques are heavily reliant on deep learning methods. Despite their superior performance, these learning systems are inherently vulnerable to adversarial attacks: maliciously crafted inputs that are designed to mislead, or trick, models into making incorrect predictions. An adversary can physically change their appearance by wearing adversarial t-shirts, glasses, or hats, or by specific behavior, to potentially avoid various forms of detection, tracking and recognition by surveillance systems, and obtain unauthorized access to secure properties and assets. This poses a severe threat to the security and safety of modern surveillance systems. This paper reviews recent attempts and findings in learning and designing physical adversarial attacks for surveillance applications. In particular, we propose a framework to analyze physical adversarial attacks and, under this framework, provide a comprehensive survey of physical adversarial attacks on four key surveillance tasks: detection, identification, tracking, and action recognition. Furthermore, we review and analyze strategies to defend against physical adversarial attacks and the methods for evaluating the strengths of the defense. The insights in this paper present an important step in building resilience within surveillance systems to physical adversarial attacks.