Adversarial Examples that Fool both Computer Vision and Time-Limited Humans
Gamaleldin F. Elsayed, Shreya Shankar, Brian Cheung, Nicolas Papernot,, Alex Kurakin, Ian Goodfellow, Jascha Sohl-Dickstein
TL;DR
This paper investigates whether adversarial examples that fool computer vision models also affect human perception under time constraints, revealing that such examples can influence human classification decisions.
Contribution
It demonstrates that transfer-based adversarial examples impact human visual classification when humans are under time pressure, bridging the gap between machine and human vulnerabilities.
Findings
Adversarial examples transfer across models influence human decisions.
Time-limited humans are susceptible to adversarial perturbations.
Transferability of adversarial examples extends from models to humans.
Abstract
Machine learning models are vulnerable to adversarial examples: small changes to images can cause computer vision models to make mistakes such as identifying a school bus as an ostrich. However, it is still an open question whether humans are prone to similar mistakes. Here, we address this question by leveraging recent techniques that transfer adversarial examples from computer vision models with known parameters and architecture to other models with unknown parameters and architecture, and by matching the initial processing of the human visual system. We find that adversarial examples that strongly transfer across computer vision models influence the classifications made by time-limited human observers.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
This Fools Your Vision | Two Minute Papers #241· youtube
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications