{"id":4195,"date":"2020-12-14T06:33:49","date_gmt":"2020-12-14T06:33:49","guid":{"rendered":"https:\/\/www.aiproblog.com\/index.php\/2020\/12\/14\/robust-adversarial-inputs\/"},"modified":"2020-12-14T06:33:49","modified_gmt":"2020-12-14T06:33:49","slug":"robust-adversarial-inputs","status":"publish","type":"post","link":"https:\/\/www.aiproblog.com\/index.php\/2020\/12\/14\/robust-adversarial-inputs\/","title":{"rendered":"Robust Adversarial Inputs"},"content":{"rendered":"

Author: Andrea Manero-Bastin<\/p>\n

\n

This article was written on OpenAI<\/a>. <\/span><\/i><\/p>\n<\/p>\n

We’ve created images that reliably fool neural network classifiers when viewed from varied scales and perspectives. This challenges a claim from last week that self-driving cars would be hard to trick maliciously since they capture images from multiple scales, angles, perspectives, and the like.<\/span><\/p>\n<\/p>\n

<\/a><\/span><\/p>\n<\/p>\n

Scale-invariant adversarial examples<\/b><\/span><\/p>\n

Adversarial examples can be created using an optimization method called projected gradient descent to find small perturbations to the image that arbitrarily fool the classifier.<\/span><\/p>\n

Instead of optimizing for finding an input that’s adversarial from a single viewpoint, we optimize over a large ensemble of stochastic classifiers that randomly rescale the input before classifying it. Optimizing against such an ensemble produces robust adversarial examples that are scale-invariant.<\/span><\/p>\n<\/p>\n

Transformation-invariant adversarial examples<\/b><\/span><\/p>\n

By adding random rotations, translations, scales, noise, and mean shifts to our training perturbations, the same technique produces a single input that remains adversarial under any of these transformations.<\/span><\/p>\n<\/p>\n

To read the whole article, with illustrations and their explanations, click here<\/a>.<\/i><\/p>\n

 <\/span><\/i><\/span><\/p>\n

DSC Ressources<\/b><\/span><\/p>\n