Confusing Deep Convolution Networks by Relabelling
Leigh Robinson, Benjamin Graham

TL;DR
This paper demonstrates how deep convolutional neural networks can be fooled into misclassifying images by subtle perturbations, effectively relabeling images without visual changes, exposing vulnerabilities in their generalization capabilities.
Contribution
It introduces a simple method to perturb images so they are visually indistinguishable but assigned arbitrary labels, revealing weaknesses in CNN robustness.
Findings
CNNs can be fooled into relabeling images with minimal perturbations
Perturbed images remain visually similar to originals
The method exposes vulnerabilities in CNN generalization
Abstract
Deep convolutional neural networks have become the gold standard for image recognition tasks, demonstrating many current state-of-the-art results and even achieving near-human level performance on some tasks. Despite this fact it has been shown that their strong generalisation qualities can be fooled to misclassify previously correctly classified natural images and give erroneous high confidence classifications to nonsense synthetic images. In this paper we extend that work, by presenting a straightforward way to perturb an image in such a way as to cause it to acquire any other label from within the dataset while leaving this perturbed image visually indistinguishable from the original.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Advanced Neural Network Applications
