Analyzing Adversarial Robustness of Deep Neural Networks in Pixel Space: a Semantic Perspective

• URL: http://arxiv.org/abs/2106.09872v1
• Date: Fri, 18 Jun 2021 02:16:01 GMT
• Title: Analyzing Adversarial Robustness of Deep Neural Networks in Pixel Space: a Semantic Perspective
• Authors: Lina Wang, Xingshu Chen, Yulong Wang, Yawei Yue, Yi Zhu, Xuemei Zeng, Wei Wang
• Abstract summary: adversarial examples are crafted maliciously by modifying the inputs with imperceptible perturbations to misled the network produce incorrect outputs. Previous works study the adversarial robustness of image classifiers on image level and use all the pixel information in an image indiscriminately. In this work, we propose an algorithm to looking for possible perturbations pixel by pixel in different regions of the segmented image.
• Score: 23.69696449352784
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The vulnerability of deep neural networks to adversarial examples, which are crafted maliciously by modifying the inputs with imperceptible perturbations to misled the network produce incorrect outputs, reveals the lack of robustness and poses security concerns. Previous works study the adversarial robustness of image classifiers on image level and use all the pixel information in an image indiscriminately, lacking of exploration of regions with different semantic meanings in the pixel space of an image. In this work, we fill this gap and explore the pixel space of the adversarial image by proposing an algorithm to looking for possible perturbations pixel by pixel in different regions of the segmented image. The extensive experimental results on CIFAR-10 and ImageNet verify that searching for the modified pixel in only some pixels of an image can successfully launch the one-pixel adversarial attacks without requiring all the pixels of the entire image, and there exist multiple vulnerable points scattered in different regions of an image. We also demonstrate that the adversarial robustness of different regions on the image varies with the amount of semantic information contained.

Related papers

• UP-CrackNet: Unsupervised Pixel-Wise Road Crack Detection via Adversarial Image Restoration [23.71017765426465]
  We propose an unsupervised pixel-wise road crack detection network, known as UP-CrackNet. Our approach first generates multi-scale square masks and randomly selects them to corrupt undamaged road images by removing certain regions. A generative adversarial network is trained to restore the corrupted regions by leveraging the semantic context learned from surrounding uncorrupted regions.
  arXiv  Detail & Related papers  (2024-01-28T12:51:01Z)
• Exploring Geometry of Blind Spots in Vision Models [56.47644447201878]
  We study the phenomenon of under-sensitivity in vision models such as CNNs and Transformers. We propose a Level Set Traversal algorithm that iteratively explores regions of high confidence with respect to the input space. We estimate the extent of these connected higher-dimensional regions over which the model maintains a high degree of confidence.
  arXiv  Detail & Related papers  (2023-10-30T18:00:33Z)
• Pixel-Inconsistency Modeling for Image Manipulation Localization [63.54342601757723]
  Digital image forensics plays a crucial role in image authentication and manipulation localization. This paper presents a generalized and robust manipulation localization model through the analysis of pixel inconsistency artifacts. Experiments show that our method successfully extracts inherent pixel-inconsistency forgery fingerprints.
  arXiv  Detail & Related papers  (2023-09-30T02:54:51Z)
• Probabilistic Deep Metric Learning for Hyperspectral Image Classification [91.5747859691553]
  This paper proposes a probabilistic deep metric learning framework for hyperspectral image classification. It aims to predict the category of each pixel for an image captured by hyperspectral sensors. Our framework can be readily applied to existing hyperspectral image classification methods.
  arXiv  Detail & Related papers  (2022-11-15T17:57:12Z)
• Structure-Preserving Progressive Low-rank Image Completion for Defending Adversarial Attacks [20.700098449823024]
  Deep neural networks recognize objects by analyzing local image details and summarizing their information along the inference layers to derive the final decision. Small sophisticated noise in the input images can accumulate along the network inference path and produce wrong decisions at the network output. Human eyes recognize objects based on their global structure and semantic cues, instead of local image textures.
  arXiv  Detail & Related papers  (2021-03-04T01:24:15Z)
• AINet: Association Implantation for Superpixel Segmentation [82.21559299694555]
  We propose a novel textbfAssociation textbfImplantation (AI) module to enable the network to explicitly capture the relations between the pixel and its surrounding grids. Our method could not only achieve state-of-the-art performance but maintain satisfactory inference efficiency.
  arXiv  Detail & Related papers  (2021-01-26T10:40:13Z)
• Gigapixel Histopathological Image Analysis using Attention-based Neural Networks [7.1715252990097325]
  We propose a CNN structure consisting of a compressing path and a learning path. Our method integrates both global and local information, is flexible with regard to the size of the input images and only requires weak image-level labels.
  arXiv  Detail & Related papers  (2021-01-25T10:18:52Z)
• An Empirical Method to Quantify the Peripheral Performance Degradation in Deep Networks [18.808132632482103]
  convolutional neural network (CNN) kernels compound with each convolutional layer. Deeper and deeper networks combined with stride-based down-sampling means that the propagation of this region can end up covering a non-negligable portion of the image. Our dataset is constructed by inserting objects into high resolution backgrounds, thereby allowing us to crop sub-images which place target objects at specific locations relative to the image border. By probing the behaviour of Mask R-CNN across a selection of target locations, we see clear patterns of performance degredation near the image boundary, and in particular in the image corners.
  arXiv  Detail & Related papers  (2020-12-04T18:00:47Z)
• Free-Form Image Inpainting via Contrastive Attention Network [64.05544199212831]
  In image inpainting tasks, masks with any shapes can appear anywhere in images which form complex patterns. It is difficult for encoders to capture such powerful representations under this complex situation. We propose a self-supervised Siamese inference network to improve the robustness and generalization.
  arXiv  Detail & Related papers  (2020-10-29T14:46:05Z)
• Rethinking of the Image Salient Object Detection: Object-level Semantic Saliency Re-ranking First, Pixel-wise Saliency Refinement Latter [62.26677215668959]
  We propose a lightweight, weakly supervised deep network to coarsely locate semantically salient regions. We then fuse multiple off-the-shelf deep models on these semantically salient regions as the pixel-wise saliency refinement. Our method is simple yet effective, which is the first attempt to consider the salient object detection mainly as an object-level semantic re-ranking problem.
  arXiv  Detail & Related papers  (2020-08-10T07:12:43Z)
• A Black-box Adversarial Attack Strategy with Adjustable Sparsity and Generalizability for Deep Image Classifiers [16.951363298896638]
  Black-box adversarial perturbations are more practical for real-world applications. We propose the DEceit algorithm for constructing effective universal pixel-restricted perturbations. We find that perturbing only about 10% of the pixels in an image using DEceit achieves a commendable and highly transferable Fooling Rate.
  arXiv  Detail & Related papers  (2020-04-24T19:42:00Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.