IEEE Access (Jan 2024)
Adversarial Halftone QR Code
Abstract
Recent studies have shown that machine-learning models are vulnerable to adversarial attacks. Adversarial attacks are deliberate attempts to modify the input data of a machine learning model in a way that causes it to produce incorrect predictions. One of the well-established formats of adversarial attacks is the adversarial patch, which takes the form of a small movable patch embedded with visual patterns. The adversarial patch can alter the classification results simply by attaching the patch to the target image scenes. In the previous work, additional data in the form of a QR code was successfully embedded alongside the adversarial patch, namely an adversarial QR code. It contains a dual function: the first function is an adversarial patch to attack an image classification model, and the second function is a QR code capable of embedding information. However, the scanning performance of the previous works was insufficient to be used in practice. To address this issue, this research proposes an adversarial halftone QR code that improves the scanning performance and maintains the efficiency of QR code-based adversarial attacks. The adversarial halftone QR code approach proposes the use of high-quality visual QR codes under a half-tone scheme that is effectively machine-readable under various conditions. The experimental results show that the adversarial halftone QR code exhibits better overall scanning performance across different devices and modules while maintaining its attack performance compared to the adversarial QR code.
Keywords