Although Deep Neural Networks (DNNs) have been widely applied in various real-world scenarios, they are vulnerable to adversarial examples. Current adversarial attacks in computer vision can be divided into digital attacks and physical attacks according to their attack forms. Compared with digital attacks, which generate perturbations in the digital pixels, physical attacks are more practical in the real world. Owing to the serious security problem caused by physically adversarial examples, many works have been proposed in the past years to evaluate the physically adversarial robustness of DNNs. In this paper, we present a survey of the current physically adversarial attacks and physically adversarial defenses in computer vision. To establish a taxonomy, we organize the current physical attacks by attack tasks, attack forms, and attack methods, respectively, so that readers can gain a systematic knowledge of this topic from different aspects. For the physical defenses, we establish the taxonomy from pre-processing, in-processing, and post-processing for the DNN models to achieve full coverage of the adversarial defenses. Based on this survey, we finally discuss the challenges of this research field and give an outlook on future directions.