Consistent Semantic Attacks on Optical Flow
Tom Koren, Lior Talker, Michael Dinerstein, Roy J Jevnisek
TL;DR
This paper introduces a novel adversarial attack method on optical flow models that not only corrupts specific object predictions but also conceals the attack's intent by maintaining output consistency, effective in various settings.
Contribution
The paper proposes a new regularization-based attack technique that hides the attacker's intent within optical flow outputs, enhancing stealthiness and effectiveness across models and tasks.
Findings
Effective in white-box and black-box scenarios
Successfully targets specific object categories
Preserves output consistency to hide attack
Abstract
We present a novel approach for semantically targeted adversarial attacks on Optical Flow. In such attacks the goal is to corrupt the flow predictions of a specific object category or instance. Usually, an attacker seeks to hide the adversarial perturbations in the input. However, a quick scan of the output reveals the attack. In contrast, our method helps to hide the attackers intent in the output as well. We achieve this thanks to a regularization term that encourages off-target consistency. We perform extensive tests on leading optical flow models to demonstrate the benefits of our approach in both white-box and black-box settings. Also, we demonstrate the effectiveness of our attack on subsequent tasks that depend on the optical flow.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Digital Media Forensic Detection