Browsing by Subject "adversarial patches"
Now showing 1 - 2 of 2
Results Per Page
Sort Options
Item Adversarial Patches Exploiting Contextual Reasoning in Object Detection(2019-12-21) Saha, Aniruddha; Subramanya, Akshayvarun; Patil, KoninikaThe utilization of spatial context to improve accuracy in most fast object detection algorithms is well known. The detectors increase inference speed by doing a single forward pass per image which means they implicitly use contextual reasoning for their predictions. We show that an adversary can exploit such contextual reasoning to fool standard detectors. We develop adversarial patches that make an object detector blind to a particular category even though the patch does not overlap with the missed detections. We also study methods to fix this vulnerability and show that limiting the use of contextual reasoning during object detector training acts as a form of defense that makes the detector robust. We believe defending against context based adversarial attack algorithms is not easy. We take a step towards that direction and urge the research community to give attention to this vulnerability.Item Fooling Network Interpretation in Image Classification(2019-09-24) Subramanya, Akshayvarun; Pillai, Vipin; Pirsiavash, HamedDeep neural networks have been shown to be fooled rather easily using adversarial attack algorithms. Practical methods such as adversarial patches have been shown to be extremely effective in causing misclassification. However, these patches are highlighted using standard network interpretation algorithms, thus revealing the identity of the adversary. We show that it is possible to create adversarial patches which not only fool the prediction, but also change what we interpret regarding the cause of the prediction. Moreover, we introduce our attack as a controlled setting to measure the accuracy of interpretation algorithms. We show this using extensive experiments for Grad-CAM interpretation that transfers to occluding patch interpretation as well. We believe our algorithms can facilitate developing more robust network interpretation tools that truly explain the network's underlying decision making process.