Adversarial Attacks for Optical Flow-Based Action Recognition Classifiers

TL;DR

This paper introduces a novel untargeted adversarial attack method targeting the temporal dimension of optical flow-based action recognition models, achieving high success rates and transferability in both white-box and black-box settings.

Contribution

It presents a new attack technique specifically designed for action recognition models that exploit temporal information, demonstrating state-of-the-art effectiveness and transferability.

Findings

Attacks significantly degrade model performance with minimal perturbations.

High success rates in white-box and black-box attack scenarios.

Effective transferability of attacks across different models.

Abstract

The success of deep learning research has catapulted deep models into production systems that our society is becoming increasingly dependent on, especially in the image and video domains. However, recent work has shown that these largely uninterpretable models exhibit glaring security vulnerabilities in the presence of an adversary. In this work, we develop a powerful untargeted adversarial attack for action recognition systems in both white-box and black-box settings. Action recognition models differ from image-classification models in that their inputs contain a temporal dimension, which we explicitly target in the attack. Drawing inspiration from image classifier attacks, we create new attacks which achieve state-of-the-art success rates on a two-stream classifier trained on the UCF-101 dataset. We find that our attacks can significantly degrade a model's performance with sparsely and imperceptibly perturbed examples. We also demonstrate the transferability of our attacks to black-box action recognition systems.