While deep learning is remarkably successful on perceptual tasks, it was also
shown to be vulnerable to adversarial perturbations of the input. These
perturbations denote noise added to the input that was generated specifically
to fool the system while being quasi-imperceptible for humans. More severely,
there even exist universal perturbations that are input-agnostic but fool the
network on the majority of inputs. While recent work has focused on image
classification, this work proposes attacks against semantic image segmentation:
we present an approach for generating (universal) adversarial perturbations
that make the network yield a desired target segmentation as output. We show
empirically that there exist barely perceptible universal noise patterns which
result in nearly the same predicted segmentation for arbitrary inputs.
Furthermore, we also show the existence of universal noise which removes a
target class (e.g., all pedestrians) from the segmentation while leaving the
segmentation mostly unchanged otherwise.
Description
Universal Adversarial Perturbations Against Semantic Image Segmentation
%0 Generic
%1 metzen2017universal
%A Metzen, Jan Hendrik
%A Kumar, Mummadi Chaithanya
%A Brox, Thomas
%A Fischer, Volker
%D 2017
%K adversarial deep-learning
%T Universal Adversarial Perturbations Against Semantic Image Segmentation
%U http://arxiv.org/abs/1704.05712
%X While deep learning is remarkably successful on perceptual tasks, it was also
shown to be vulnerable to adversarial perturbations of the input. These
perturbations denote noise added to the input that was generated specifically
to fool the system while being quasi-imperceptible for humans. More severely,
there even exist universal perturbations that are input-agnostic but fool the
network on the majority of inputs. While recent work has focused on image
classification, this work proposes attacks against semantic image segmentation:
we present an approach for generating (universal) adversarial perturbations
that make the network yield a desired target segmentation as output. We show
empirically that there exist barely perceptible universal noise patterns which
result in nearly the same predicted segmentation for arbitrary inputs.
Furthermore, we also show the existence of universal noise which removes a
target class (e.g., all pedestrians) from the segmentation while leaving the
segmentation mostly unchanged otherwise.
@misc{metzen2017universal,
abstract = {While deep learning is remarkably successful on perceptual tasks, it was also
shown to be vulnerable to adversarial perturbations of the input. These
perturbations denote noise added to the input that was generated specifically
to fool the system while being quasi-imperceptible for humans. More severely,
there even exist universal perturbations that are input-agnostic but fool the
network on the majority of inputs. While recent work has focused on image
classification, this work proposes attacks against semantic image segmentation:
we present an approach for generating (universal) adversarial perturbations
that make the network yield a desired target segmentation as output. We show
empirically that there exist barely perceptible universal noise patterns which
result in nearly the same predicted segmentation for arbitrary inputs.
Furthermore, we also show the existence of universal noise which removes a
target class (e.g., all pedestrians) from the segmentation while leaving the
segmentation mostly unchanged otherwise.},
added-at = {2017-07-27T18:37:10.000+0200},
author = {Metzen, Jan Hendrik and Kumar, Mummadi Chaithanya and Brox, Thomas and Fischer, Volker},
biburl = {https://www.bibsonomy.org/bibtex/27a5d87acb64514abc1a4dc0d4d462bb5/axel.vogler},
description = {Universal Adversarial Perturbations Against Semantic Image Segmentation},
interhash = {538526de45f3be59a7e50590af852b02},
intrahash = {7a5d87acb64514abc1a4dc0d4d462bb5},
keywords = {adversarial deep-learning},
note = {cite arxiv:1704.05712},
timestamp = {2017-07-27T18:37:10.000+0200},
title = {Universal Adversarial Perturbations Against Semantic Image Segmentation},
url = {http://arxiv.org/abs/1704.05712},
year = 2017
}