In a research paper presented in December through a workshop at the 31st Conference on Neural Information Processing Systems (NIPS 2017) and made available last week through ArXiv, a team of researchers from Google discuss a technique for creating an adversarial patch.
This patch, sticker, or cutout consists of a psychedelic graphic which, when placed next to an object like a banana, makes image recognition software see something entirely different, such as a toaster.
[…]
“We construct an attack that does not attempt to subtly transform an existing item into another,” the researchers explain. “Instead, this attack generates an image-independent patch that is extremely salient to a neural network. This patch can then be placed anywhere within the field of view of the classifier, and causes the classifier to output a targeted class.”The boffins observe that because the patch is separate from the scene, it allows attacks on image recognition systems without concern for lighting conditions, camera angles, the type of classifier being attacked, or other objects present in the scene.
While the ruse recalls schemes to trick face scanning systems with geometric makeup patterns, it doesn’t involve altering the salient object in the scene. The addition of the adversarial patch to the scene is enough to confuse the image classification code.
Source: Now that’s sticker shock: Sticky labels make image-recog AI go bananas for toasters • The Register
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft