Locally optimal detection of adversarial inputs to image classifiers

Pierre Moulin; Amish Goel

doi:10.1109/ICMEW.2017.8026257

Locally optimal detection of adversarial inputs to image classifiers

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Deep neural networks achieve state-of-the-art performance for image classification and other tasks but are easily fooled by forgeries which slightly modify a legitimate image in a specific direction and are visually indistinguishable from the original. This presents a security risk for applications such as driverless transportation systems. We formulate detection of such forgeries as a watermark detection problem and derive locally optimal statistical tests for identifying them. Motivated by this optimal structure, we present a procedure for learning a forgery detector from a training set. The reliability of our forgery detector is assessed for several image classification tasks.

Original language	English (US)
Title of host publication	2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	459-464
Number of pages	6
ISBN (Electronic)	9781538605608
DOIs	https://doi.org/10.1109/ICMEW.2017.8026257
State	Published - Sep 5 2017
Event	2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017 - Hong Kong, Hong Kong Duration: Jul 10 2017 → Jul 14 2017

Publication series

Name	2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017

Other

Other	2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017
Country/Territory	Hong Kong
City	Hong Kong
Period	7/10/17 → 7/14/17

ASJC Scopus subject areas

Computer Science Applications
Media Technology

Online availability

10.1109/ICMEW.2017.8026257

Library availability

Discover UIUC Full Text

Cite this

Moulin, P., & Goel, A. (2017). Locally optimal detection of adversarial inputs to image classifiers. In 2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017 (pp. 459-464). Article 8026257 (2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICMEW.2017.8026257

Locally optimal detection of adversarial inputs to image classifiers. / Moulin, Pierre; Goel, Amish.
2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 459-464 8026257 (2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Moulin, P & Goel, A 2017, Locally optimal detection of adversarial inputs to image classifiers. in 2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017., 8026257, 2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017, Institute of Electrical and Electronics Engineers Inc., pp. 459-464, 2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017, Hong Kong, Hong Kong, 7/10/17. https://doi.org/10.1109/ICMEW.2017.8026257

@inproceedings{1246e7354abf446aa01da15187ac196f,

title = "Locally optimal detection of adversarial inputs to image classifiers",

abstract = "Deep neural networks achieve state-of-the-art performance for image classification and other tasks but are easily fooled by forgeries which slightly modify a legitimate image in a specific direction and are visually indistinguishable from the original. This presents a security risk for applications such as driverless transportation systems. We formulate detection of such forgeries as a watermark detection problem and derive locally optimal statistical tests for identifying them. Motivated by this optimal structure, we present a procedure for learning a forgery detector from a training set. The reliability of our forgery detector is assessed for several image classification tasks.",

author = "Pierre Moulin and Amish Goel",

year = "2017",

month = sep,

day = "5",

doi = "10.1109/ICMEW.2017.8026257",

language = "English (US)",

series = "2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "459--464",

booktitle = "2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017",

address = "United States",

note = "2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017 ; Conference date: 10-07-2017 Through 14-07-2017",

}

TY - GEN

T1 - Locally optimal detection of adversarial inputs to image classifiers

AU - Moulin, Pierre

AU - Goel, Amish

PY - 2017/9/5

Y1 - 2017/9/5

N2 - Deep neural networks achieve state-of-the-art performance for image classification and other tasks but are easily fooled by forgeries which slightly modify a legitimate image in a specific direction and are visually indistinguishable from the original. This presents a security risk for applications such as driverless transportation systems. We formulate detection of such forgeries as a watermark detection problem and derive locally optimal statistical tests for identifying them. Motivated by this optimal structure, we present a procedure for learning a forgery detector from a training set. The reliability of our forgery detector is assessed for several image classification tasks.

AB - Deep neural networks achieve state-of-the-art performance for image classification and other tasks but are easily fooled by forgeries which slightly modify a legitimate image in a specific direction and are visually indistinguishable from the original. This presents a security risk for applications such as driverless transportation systems. We formulate detection of such forgeries as a watermark detection problem and derive locally optimal statistical tests for identifying them. Motivated by this optimal structure, we present a procedure for learning a forgery detector from a training set. The reliability of our forgery detector is assessed for several image classification tasks.

UR - http://www.scopus.com/inward/record.url?scp=85031702793&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85031702793&partnerID=8YFLogxK

U2 - 10.1109/ICMEW.2017.8026257

DO - 10.1109/ICMEW.2017.8026257

M3 - Conference contribution

AN - SCOPUS:85031702793

T3 - 2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017

SP - 459

EP - 464

BT - 2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2017 IEEE International Conference on Multimedia and Expo Workshops, ICMEW 2017

Y2 - 10 July 2017 through 14 July 2017

ER -

Locally optimal detection of adversarial inputs to image classifiers

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this