Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid
Marco Melis, Ambra Demontis, Battista Biggio, Gavin Brown, Giorgio Fumera, Fabio Roli

TL;DR
This paper investigates the vulnerability of deep learning-based robot vision systems to adversarial examples and proposes an anomaly rejection method to improve safety, revealing that deep networks often violate smoothness assumptions.
Contribution
It evaluates the susceptibility of robot-vision deep networks to adversarial attacks and introduces an efficient anomaly detection approach to enhance robustness.
Findings
Deep networks are vulnerable to adversarial examples in robot vision.
Anomaly rejection improves robustness against adversarial inputs.
Deep networks often violate smoothness assumptions in learning.
Abstract
Deep neural networks have been widely adopted in recent years, exhibiting impressive performances in several application domains. It has however been shown that they can be fooled by adversarial examples, i.e., images altered by a barely-perceivable adversarial noise, carefully crafted to mislead classification. In this work, we aim to evaluate the extent to which robot-vision systems embodying deep-learning algorithms are vulnerable to adversarial examples, and propose a computationally efficient countermeasure to mitigate this threat, based on rejecting classification of anomalous inputs. We then provide a clearer understanding of the safety properties of deep networks through an intuitive empirical analysis, showing that the mapping learned by such networks essentially violates the smoothness assumption of learning algorithms. We finally discuss the main limitations of this work,…
