Adversarial Examples for Semantic Image Segmentation
This work addresses the security and robustness of machine learning models in computer vision, particularly for applications like autonomous driving or medical imaging, but it is incremental as it adapts existing adversarial attack methods to a new task.
The paper tackles the vulnerability of deep neural networks to adversarial perturbations by extending the study from whole-image classification to semantic image segmentation, showing that imperceptible perturbations can cause misclassification of almost all pixels in a chosen class while leaving other areas nearly unchanged.
Machine learning methods in general and Deep Neural Networks in particular have shown to be vulnerable to adversarial perturbations. So far this phenomenon has mainly been studied in the context of whole-image classification. In this contribution, we analyse how adversarial perturbations can affect the task of semantic segmentation. We show how existing adversarial attackers can be transferred to this task and that it is possible to create imperceptible adversarial perturbations that lead a deep network to misclassify almost all pixels of a chosen class while leaving network prediction nearly unchanged outside this class.