If you follow computer vision and machine learning, you know how deep learning has accelerated its CV’s pace in the last few years. There is some high level understanding of how the deep nets encode and identify the images but we still need better explanations to see how they do it. This is important, if we plan on deploying the nets in a critical security related settings. And this lack of thorough logical explanation doesn’t allow us to plug any holes easily and also gives rise to various scenarios where adversarial actors can take advantage of, for example a bad actor can make some adjustments to the inputs and the system will identify them incorrectly with a very high confidence and this is not acceptable. These minor adjustments can come in a variety of forms: adding slight noise, slight rotation etc. Mind you these adjustments are easily detectable to human eye and we can correctly identify the images.
Google has announced a challenge to tackle this problem. Looks like previous research efforts have focused on adversarial examples that are restricted to small changes to pre-labeled data points, this challenge allows unrestricted inputs, allowing participants to submit arbitrary images from the target classes.
For the challenge you can take an attacker role or a defender role. In the first stage though, google will give a fixed set of attacks which you have to defend against. And the in the second stage it will open up to be an open dual between defenders and attackers, where the attackers can be very creative to come up with their adversarial inputs. This is a fun challenge with great implications.
Good luck to all the Pieneers! As always, know of anyone or any startup working on this, please let me know, I will update this post.
[Image Credit: Thanks to geralt via Pixabay]
Leave a Reply