Late Breaking Results: Physical Adversarial Attacks of Diffractive Deep Neural Networks

Diffractive Deep Neural Network ((DNN)-N-2) can work as a neural network with the diffraction of light and have demonstrated orders of magnitude performance improvements in computation speed and energy efficiency [1], [2]. As a result, there have been increasing interests in applying D(2)NNs into security-sensilive applications, such as security gate sensing, drug detection, etc. However, the comprehensive vulnerability and robustness of optical neural networks have never been sludied. In this work, we develop the first adversarial attack formulations over optical physical meanings, and provide comprehensive analysis of adversarial robustness of D(2)NNs under practical adversarial threats over optical domains, i.e. Phase attack, Amplilude allack, and Complex-domain attack, which can be realized in (DNN)-N-2 system using amplitude and phase modulators. We demonstrate that the proposed Complex Fast Gradient Sign Method (Complex-FGSM) can successfully generale minimal-changed (small epsilon) physically feasible adversarial examples targeting pre-trained D(2)NNs model on MNIST-10 dataset, which bring down ils accuracy to <= 20% from 95.4%.