CDAE: Color decomposition-based adversarial examples for screen devices

Abstract

Abstract Adversarial examples can easily fool existing powerful deep neural networks. However, we find that the attack ability of most existing adversarial attack methods is significantly degraded once the generated adversarial examples are shown on screen devices and are further captured. This is mainly attributed to two challenges: 1) Extra noises and variance during the capturing process, such as lens distortion and diverse capturing angle. 2) They get stuck in a self-contradictory problem between visual quality and attack ability. Inspired by the properties of the human visual system (HVS), this paper dedicatedly designs the first color decomposition-based adversarial example method CDAE for screen devices. Specifically, it decomposes one regular screen frame into two symmetric adversarial frames with maximum modifications while theoretically guaranteeing the visual quality perceived by human observers. Thanks to the powerful generalization ability of the proposed method, we can combine it with most adversarial example generation methods and achieve state-of-the-art attack ability. Additionally, it can also be used to protect important information from leakage and attack existing video action recognition networks.