POSES: Patch Optimization Strategies for Efficiency and Stealthiness Using eXplainable AI

Adversarial examples, which are carefully crafted inputs designed to deceive deep learning models, create significant challenges in Artificial Intelligence. While adversarial examples have primarily focused on digital-world attacks, recent research has proposed adversarial patches as the focus expands to physical-world attacks. Unlike traditional adversarial examples that use small perturbations, adversarial patches employ large perturbations to bypass existing defense mechanisms against adversarial attacks. Adversarial patches have been shown to be highly effective in causing deep learning models to misclassify. However, existing adversarial patches are often limited by their noticeable appearance and the high computational cost of generating them. To solve these problems, we propose a new adversarial patch generation method called Patch Optimization Strategies for Efficiency and Stealthiness (POSES). POSES uses a two-step optimization architecture that employs an eXplainable AI-based method to optimize the location and size of adversarial patches. Experimental results on benchmark datasets demonstrate that POSES enhances the stealthiness of adversarial patches while maintaining a high attack success rate. We also show that POSES improves attack efficiency by reducing the number of iterations required.