The Importance of Image Interpretation: Patterns of Semantic Misclassification in Real-World Adversarial Images
Zhengyu Zhao, Nga Dang, Martha Larson

TL;DR
This paper advocates evaluating adversarial images based on semantic mismatch rather than label mismatch, providing a more realistic understanding of adversarial threats and enabling transferability assessment without prior label knowledge.
Contribution
It introduces a semantic-based evaluation framework for adversarial images, allowing analysis of transferability and semantic patterns in misclassifications in real-world classifiers.
Findings
Evaluating by semantic mismatch gives a more realistic picture of adversarial vulnerabilities.
A transfer attack reveals patterns in semantic misclassifications.
The semantic approach enables assessment without access to the classifier's label set when the adversarial images are created.
Abstract
Adversarial images are created with the intention of causing an image classifier to produce a misclassification. In this paper, we propose that adversarial images should be evaluated based on semantic mismatch, rather than label mismatch, as used in current work. In other words, we propose that an image of a "mug" would be considered adversarial if classified as "turnip", but not as "cup", as current systems would assume. Our novel idea of taking semantic misclassification into account in the evaluation of adversarial images offers two benefits. First, it is a more realistic conceptualization of what makes an image adversarial, which is important in order to fully understand the implications of adversarial images for security and privacy. Second, it makes it possible to evaluate the transferability of adversarial images to a real-world classifier, without requiring the classifier's…
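An added illustration of the label-mismatch versus semantic-mismatch distinction from the abstract, not code from the paper. The toy hypernym tree, the use of Wu-Palmer similarity and the 0.7 threshold are all assumptions made for this sketch, since the page does not state how the authors measure semantic distance.

```python
# Constructed toy hypernym tree (child -> parent); an assumption, not the paper's taxonomy.
PARENT = {
    "entity": None,
    "artifact": "entity", "container": "artifact", "vessel": "container",
    "drinking_vessel": "vessel", "bottle": "vessel",
    "mug": "drinking_vessel", "cup": "drinking_vessel",
    "food": "entity", "vegetable": "food",
    "root_vegetable": "vegetable", "turnip": "root_vegetable",
}

def path_to_root(label):
    """Return [label, parent, ..., root]. Raises KeyError for labels outside the tree."""
    path = []
    while label is not None:
        path.append(label)
        label = PARENT[label]
    return path

def wup_similarity(a, b):
    """Wu-Palmer similarity: 2*depth(lcs) / (depth(a) + depth(b)), with root depth 1."""
    path_a, path_b = path_to_root(a), path_to_root(b)
    ancestors_b = set(path_b)
    # First node on a's path that is also an ancestor of b = lowest common subsumer.
    lcs = next(node for node in path_a if node in ancestors_b)
    return 2 * len(path_to_root(lcs)) / (len(path_a) + len(path_b))

def is_semantic_mismatch(true_label, predicted, threshold=0.7):
    """Adversarial only if the prediction is semantically far from the true label."""
    return wup_similarity(true_label, predicted) < threshold

def success_rates(pairs, threshold=0.7):
    """Return (label-mismatch rate, semantic-mismatch rate) over (true, predicted) pairs."""
    label_rate = sum(t != p for t, p in pairs) / len(pairs)
    semantic_rate = sum(is_semantic_mismatch(t, p, threshold) for t, p in pairs) / len(pairs)
    return label_rate, semantic_rate

# Constructed predictions for four perturbed images of a mug.
SAMPLE = [("mug", "mug"), ("mug", "cup"), ("mug", "bottle"), ("mug", "turnip")]

if __name__ == "__main__":
    for true_label, predicted in SAMPLE:
        print(true_label, predicted, round(wup_similarity(true_label, predicted), 3),
              is_semantic_mismatch(true_label, predicted))
    print("label-mismatch rate, semantic-mismatch rate:", success_rates(SAMPLE))
```

On this constructed sample, label mismatch counts three of the four images as successful attacks, while semantic mismatch counts only the "turnip" prediction.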
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Digital Media Forensic Detection · Bacillus and Francisella bacterial research
