AdvDenoise: Fast Generation Framework of Universal and Robust Adversarial Patches Using Denoise

Jing Li, Zigan Wang, Jinliang Li; Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, 2024, pp. 3481-3490

Adversarial patch attacks which can mislead deep learning models and the human eye in both the digital and physical domains have led to a trust crisis. Traditional approaches to generating powerful attack patches require extensive multi-scenario data but suffer from slow search speeds in adversarial gradient space resulting in low global attack success rates and high costs. Especially high resource-consuming attack methods are not sufficient to pose sufficient threats which leads to the vulnerability of defense. To address these challenges we present a novel framework AdvDenoise to generate universal adversarial patches fast and robustly using denoise. Concretely we leverage the power of denoising diffusion probabilistic models to craft or optimize these patches deviating from traditional pure gradient-based methods. We conduct comprehensive experiments on both pre-trained convolutional neural networks and vision transformer detectors evaluating our method on standard benchmarks as well as in simulated real-world physical settings. The results demonstrate that our framework outperforms strong baselines achieving higher attack success rates better transferability across models and improved robustness to transformations while maintaining visual realism and computational efficiency. When our method's performance approaches the state-of-the-art the total time required to generate 100-shots adversarial patches is substantially lower than the state-of-the-art methods with a remarkable 48.15% reduction in time complexity. The code and examples are publicly available at https://github.com/advdenoise/advdenoise.