Adversarial Examples that Fool Detectors

  • 2017-12-07 05:13:54
  • Jiajun Lu, Hussein Sibai, Evan Fabry
  • 30

Abstract

An adversarial example is an example that has been adjusted to produce awrong label when presented to a system at test time. To date, adversarialexample constructions have been demonstrated for classifiers, but not fordetectors. If adversarial examples that could fool a detector exist, they couldbe used to (for example) maliciously create security hazards on roads populatedwith smart vehicles. In this paper, we demonstrate a construction thatsuccessfully fools two standard detectors, Faster RCNN and YOLO. The existenceof such examples is surprising, as attacking a classifier is very differentfrom attacking a detector, and that the structure of detectors - which mustsearch for their own bounding box, and which cannot estimate that box veryaccurately - makes it quite likely that adversarial patterns are stronglydisrupted. We show that our construction produces adversarial examples thatgeneralize well across sequences digitally, even though large perturbations areneeded. We also show that our construction yields physical objects that areadversarial.

 

Quick Read (beta)

loading the full paper ...