Timezone: »

 
Poster
Watch out! Motion is Blurring the Vision of Your Deep Neural Networks
Qing Guo · Felix Juefei-Xu · Xiaofei Xie · Lei Ma · Jian Wang · Bing Yu · Wei Feng · Yang Liu

Tue Dec 08 09:00 AM -- 11:00 AM (PST) @ Poster Session 1 #404
in Poster Session 2 »

The state-of-the-art deep neural networks (DNNs) are vulnerable against adversarial examples with additive random-like noise perturbations. While such examples are hardly found in the physical world, the image blurring effect caused by object motion, on the other hand, commonly occurs in practice, making the study of which greatly important especially for the widely adopted real-time image processing tasks (e.g., object detection, tracking). In this paper, we initiate the first step to comprehensively investigate the potential hazards of blur effect for DNN, caused by object motion. We propose a novel adversarial attack method that can generate visually natural motion-blurred adversarial examples, named motion-based adversarial blur attack (ABBA). To this end, we first formulate the kernel-prediction-based attack where an input image is convolved with kernels in a pixel-wise way, and the misclassification capability is achieved by tuning the kernel weights. To generate visually more natural and plausible examples, we further propose the saliency-regularized adversarial kernel prediction, where the salient region serves as a moving object, and the predicted kernel is regularized to achieve naturally visual effects. Besides, the attack is further enhanced by adaptively tuning the translations of object and background. A comprehensive evaluation on the NeurIPS'17 adversarial competition dataset demonstrates the effectiveness of ABBA by considering various kernel sizes, translations, and regions. The in-depth study further confirms that our method shows a more effective penetrating capability to the state-of-the-art GAN-based deblurring mechanisms compared with other blurring methods. We release the code to \url{https://github.com/tsingqguo/ABBA}.

Author Information

Qing Guo (Nanyang Technological University)
Felix Juefei-Xu (Alibaba Group)
Xiaofei Xie (Nanyang Technological University)
Lei Ma (Kyushu University, Japan)

I am a tenured assistant professor and co-leading a research group of about 15 researchers at PANGU Lab at Kyushu University, My current research mainly focuses on the interdisciplinary research fields of Software Engineering, Security and Artificial Intelligence, and especially on proposing quality assurance and security solutions for machine learning engineering. I received a B.E. degree from Department of Computer Science and Engineering of Shanghai Jiaotong University in 2009, M.E. and Ph.D degrees from The University of Tokyo in 2011 and 2014, respectively. During my Ph.D. program, I studied half a year in the Mathematics and Computer Science department of Technische Universität München(TUM).

Jian Wang (Nanyang Technological University)
Bing Yu (Kyushu university)
Wei Feng (Tianjin University)

Wei Feng received Ph.D. degree in computer science from City University of Hong Kong in 2008. He is currently a full professor in the School of Computer Science and Technology, Tianjin University. His major research interest is active robotic vision and visual intelligence, specifically including active camera relocalization and lighting recurrence, general Markov Random Fields modeling, dis- crete/continuous energy minimization, image segmentation, active 3D scene perception, SLAM, and generic pattern recognition. Recently, he focuses on solving preventive conservation problems of cultural heritages via computer vision and machine learning. He is an associate editor of Neurocomputing and JAIHC.

Yang Liu (Nanyang Technology University, Singapore)

More from the Same Authors