Timezone: »

Adversarial Examples that Fool both Computer Vision and Time-Limited Humans
Gamaleldin Elsayed · Shreya Shankar · Brian Cheung · Nicolas Papernot · Alexey Kurakin · Ian Goodfellow · Jascha Sohl-Dickstein

Tue Dec 04 07:45 AM -- 09:45 AM (PST) @ Room 517 AB #108

Machine learning models are vulnerable to adversarial examples: small changes to images can cause computer vision models to make mistakes such as identifying a school bus as an ostrich. However, it is still an open question whether humans are prone to similar mistakes. Here, we address this question by leveraging recent techniques that transfer adversarial examples from computer vision models with known parameters and architecture to other models with unknown parameters and architecture, and by matching the initial processing of the human visual system. We find that adversarial examples that strongly transfer across computer vision models influence the classifications made by time-limited human observers.

Author Information

Gamaleldin Elsayed (Google Brain)
Shreya Shankar (Stanford University)
Brian Cheung (UC Berkeley)
Nicolas Papernot (Google Brain)
Alexey Kurakin (Google Brain)
Ian Goodfellow (Google)
Jascha Sohl-Dickstein (Google Brain)

More from the Same Authors