Exploring the Space of Adversarial Images
This work addresses security vulnerabilities in deep learning systems, though it appears incremental with visualizations and comparisons rather than major breakthroughs.
The researchers investigated adversarial examples for deep neural networks by formalizing the problem and generating adversarial images on MNIST and ImageNet datasets, finding that shallow classifiers appear more robust than deep convolutional networks against such attacks.
Adversarial examples have raised questions regarding the robustness and security of deep neural networks. In this work we formalize the problem of adversarial images given a pretrained classifier, showing that even in the linear case the resulting optimization problem is nonconvex. We generate adversarial images using shallow and deep classifiers on the MNIST and ImageNet datasets. We probe the pixel space around adversarial images using noise of varying intensity and distribution. We present novel visualizations that showcase the phenomenon and its high variability. We show that adversarial images occupy large regions of the pixel space, but that, for the same task, a shallow classifier seems more robust to adversarial images than a deep convolutional network.
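The two measurements the abstract describes, a minimal adversarial perturbation and a noise probe of the pixel space around it, can be reproduced for the linear case in a few lines. This is an added toy example, not the paper's code: the three-pixel "image", the classifier weights, the closed-form perturbation and the `label_stability` probe are all assumptions chosen to illustrate the method on something that runs offline.

```python
import random

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def predict(w, b, x):
    """Binary linear classifier: sign of the score w.x + b."""
    return 1 if dot(w, x) + b > 0 else -1

def minimal_adversarial(w, b, x, margin=1e-3):
    """Closed-form minimal-L2 adversarial image for the linear case: slide x
    along w until its score sits `margin` past the decision hyperplane."""
    score = dot(w, x) + b
    target = -margin if score > 0 else margin      # score on the other side
    scale = (target - score) / dot(w, w)
    return [xi + scale * wi for xi, wi in zip(x, w)]

def l2(a, b):
    return sum((xi - yi) ** 2 for xi, yi in zip(a, b)) ** 0.5

def label_stability(w, b, x, intensity, dist="uniform", n=2000, seed=0):
    """Probe the pixel space around x: fraction of n noisy copies of x that
    keep x's own label. Near 1.0 means x sits inside a large region of one
    class; near 0.5 means x is balanced on the decision boundary."""
    rng = random.Random(seed)
    base = predict(w, b, x)
    kept = 0
    for _ in range(n):
        if dist == "uniform":
            noise = [rng.uniform(-intensity, intensity) for _ in x]
        else:                                        # zero-mean gaussian
            noise = [rng.gauss(0.0, intensity) for _ in x]
        if predict(w, b, [xi + ni for xi, ni in zip(x, noise)]) == base:
            kept += 1
    return kept / n

# Constructed toy "image" and classifier weights (assumptions, not from the paper).
W, B = [1.0, -2.0, 0.5], 0.2
X_CLEAN = [2.0, 0.5, 1.0]

if __name__ == "__main__":
    x_adv = minimal_adversarial(W, B, X_CLEAN)
    print("clean label", predict(W, B, X_CLEAN), "adv label", predict(W, B, x_adv),
          "L2 distance %.3f" % l2(X_CLEAN, x_adv))
    for intensity in (0.0, 0.1, 0.5, 1.0):
        for dist in ("uniform", "gaussian"):
            print(dist, intensity,
                  "clean keeps label %.2f" % label_stability(W, B, X_CLEAN, intensity, dist),
                  "adversarial keeps label %.2f" % label_stability(W, B, x_adv, intensity, dist))
```

The sweep shows the asymmetry the paper probes: the clean point keeps its label under most noise, while the minimal adversarial point loses its adversarial label about half the time as soon as the noise is comparable to the perturbation, because it sits right on the boundary rather than deep inside the adversarial region.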