arxiv: 1712.09665 · v2 · pith:FQ7KEVPJnew · submitted 2017-12-27 · 💻 cs.CV

Adversarial Patch

classification 💻 cs.CV
keywords adversarial, patches, they, because, scene, cause, class, classifiers

We present a method to create universal, robust, targeted adversarial image patches in the real world. The patches are universal because they can be used to attack any scene, robust because they work under a wide variety of transformations, and targeted because they can cause a classifier to output any target class. These adversarial patches can be printed, added to any scene, photographed, and presented to image classifiers; even when the patches are small, they cause the classifiers to ignore the other items in the scene and report a chosen target class. To reproduce the results from the paper, our code is available at https://github.com/tensorflow/cleverhans/tree/master/examples/adversarial_patch

This paper has not been read by Pith yet.

Forward citations

Cited by 15 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. How Do Document Parsers Break? Auditing Structural Vulnerability in Document Intelligence

    cs.CL 2026-05 conditional novelty 7.0

    A new output-level auditing framework with B-SLR and exposure descriptors shows that structure-targeted perturbations better predict OCR instability and downstream degradation than footprint size in document parsers.

  2. Thermally Activated Dual-Modal Adversarial Clothing against AI Surveillance Systems

    cs.AI 2025-11 unverdicted novelty 7.0

    Thermally activated clothing with thermochromic dyes and heaters creates dynamic adversarial patterns that evade AI surveillance in visible and infrared modalities while appearing ordinary when inactive.

  3. Adversarial Hubness in Multi-Modal Retrieval

    cs.CR 2024-12 unverdicted novelty 7.0

    Adversarial hubs can be generated to be retrieved as top-1 for over 84% of test queries in text-to-image retrieval, far exceeding natural hubs.

  4. TRAP: Tail-aware Ranking Attack for World-Model Planning

    cs.LG 2026-05 unverdicted novelty 6.0

    TRAP is a tail-aware ranking attack that plants a backdoor in world models so that a trigger causes the model to reorder a few critical imagined trajectories and redirect planning while preserving normal behavior on c...

  5. Transferable Physical-World Adversarial Patches Against Object Detection in Autonomous Driving

    cs.CV 2026-04 unverdicted novelty 6.0

    AdvAD produces physical-world adversarial patches with improved transferability to unseen object detectors by multi-model optimization, adaptive balancing, and physical variation robustness.

  6. Transferable Physical-World Adversarial Patches Against Pedestrian Detection Models

    cs.CV 2026-04 unverdicted novelty 6.0

    TriPatch generates transferable physical adversarial patches via multi-stage triplet loss, appearance consistency, and data augmentation to achieve higher attack success rates on pedestrian detectors than prior methods.

  7. Street-Legal Physical-World Adversarial Rim for License Plates

    cs.CV 2026-04 conditional novelty 6.0

    SPAR is a street-legal physical rim that cuts modern ALPR accuracy by 60% and reaches 18% targeted impersonation while costing under $100 and requiring no plate modification.

  8. Remote Rowhammer Attack using Adversarial Observations on Federated Learning Clients

    cs.LG 2025-05 unverdicted novelty 6.0

    A reinforcement learning attacker manipulates client sensor observations in federated learning to induce repetitive server memory updates, achieving around 70% repeated update rate and enabling remote Rowhammer bit fl...

  9. Robust Synthesis of Adversarial Visual Examples Using a Deep Image Prior

    cs.CV 2019-07 unverdicted novelty 6.0

    A DIP-based optimization produces adversarial perturbations and patches that are more robust to affine transformations than standard high-frequency noise while staying imperceptible.

  10. Explaining Deep Learning Models with Constrained Adversarial Examples

    cs.LG 2019-06 unverdicted novelty 6.0

    Introduces CADEX to generate domain-constrained counterfactual explanations for ML models using adversarial perturbations.

  11. On Physical Adversarial Patches for Object Detection

    cs.CV 2019-06 unverdicted novelty 6.0

    A physical patch suppresses all object detections by YOLOv3 even for distant objects without overlapping them.

  12. Understanding Adversarial Transferability in Vision-Language Models for Autonomous Driving: A Cross-Architecture Analysis

    cs.CV 2026-04 unverdicted novelty 5.0

    Adversarial patches transfer across three VLM architectures in autonomous driving scenarios with 73-91% success rates and affect 65-79% of critical decision frames even without target-specific optimization.

  13. Survival of the Cheapest: Cost-Aware Hardware Adaptation for Adversarial Robustness

    cs.CR 2024-09 unverdicted novelty 5.0

    A decision-support framework applies AFT models to show Nvidia L4 GPUs yield 20% longer adversarial survival time at 75% lower cost than V100, with inference latency as the strongest robustness predictor.

  14. RACF: A Resilient Autonomous Car Framework with Object Distance Correction

    cs.RO 2026-04 unverdicted novelty 4.0

    RACF corrects inconsistent depth camera distance estimates in autonomous vehicles using LiDAR and kinematic redundancy, achieving up to 35% RMSE reduction and better braking in tests on a Quanser QCar 2 platform.

  15. Physical Adversarial Attacks on AI Surveillance Systems: Detection, Tracking, and Visible–Infrared Evasion

    cs.CV 2026-04 unverdicted novelty 3.0

    The paper organizes existing physical adversarial attack literature into a surveillance-oriented taxonomy emphasizing temporal persistence, multi-modal sensing, carrier realism, and system-level objectives, concluding...