Pattern Corruption-Assisted Physical Attacks Against Object Detection in UAV Remote Sensing

Deep neural networks (DNNs) have attained remarkable success in aerial detection tasks, yet they remain susceptible to adversarial samples, posing a significant challenge for their practical applications. While numerous transferable attacks have been proposed, they frequently overlook the essential balance between attack effectiveness and the feasibility of physical implementation. In this article, we concentrate our efforts on adversarial attacks against aerial detection, crafting transferable adversarial patches that can be implemented in the physical world. To this end, we introduce localized pattern corruptions, such as light spots and shadows, around the target during the training phase. These corruptions could pull the image distributions closer to the decision boundaries of the surrogate model, thereby enhancing the transferability of patches. In addition, we avoid directly optimizing adversarial patterns with traditional gradient-based techniques. Instead, we opt to update the weights of a specialized generator, which employs multilayer perceptrons (MLPs) as its core component for mapping purposes. To verify the effectiveness of our method, we conduct experiments across both the digital and physical domains. The results reveal that our approach outperforms state-of-the-art methods in terms of attack performance.