為了保障個人隱私資料免受不法份子惡意使用物件偵測器進行監控,近年來已經有許多物理對抗補丁生成方法被提出。然而,這些方法往往需要進行大量的超參數調整,並且必須在達到足夠的攻擊效果同時不被他人察覺。因此,生成外觀令人滿意的補丁圖像仍然是一個具有挑戰性的問題。為了解決這個問題,本研究提出了一種基於擴散模型(Diffusion Model)的新型自然對抗補丁生成方法。通過在自然圖像上預訓練的擴散模型中採樣最佳圖像,我們可以穩健地製作出高品質且外觀自然的對抗補丁,而避免其他深度生成模型所遇到的嚴重模式崩潰問題。據我們所知,本研究是第一個針對物件偵測器提出基於擴散模型的物理對抗性補丁生成方法。此外,通過廣泛的定量、定性和主觀實驗,我們發現相比於其他最先進的補丁生成方法,我們的方法可以有效地生成品質更好、更自然的對抗補丁,同時實現出色的攻擊性能;Numerous physical adversarial patch generation methods have been proposed to protect personal privacy from malicious monitoring using object detectors. However, these methods often fall short of generating satisfactory patch images in terms of both stealthiness and attack performance without extensive hyperparameter tuning. To address this issue, we propose a novel naturalistic adversarial patch generation method based on diffusion models (DM). By sampling the optimal image from a DM model pre-trained on natural images, we can craft high-quality and naturalistic physical adversarial patches in a stable manner, without suffering from the serious mode collapse problems that plague other deep generative models. To the best of our knowledge, we are the first to propose a DM-based naturalistic adversarial patch generation method for object detectors. Extensive quantitative, qualitative, and subjective experiments demonstrate that our approach is effective in generating better-quality and more naturalistic adversarial patches while achieving acceptable attack performance compared to other state-of-the-art patch generation methods. Additionally, we show various generation trade-offs under different conditions
