Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid
This addresses safety concerns for robot-vision applications, though it is incremental as it builds on known adversarial example research.
The paper investigated the vulnerability of robot-vision systems using deep learning to adversarial examples, showing they can be fooled by barely-perceivable noise, and proposed a computationally efficient countermeasure based on rejecting anomalous inputs.
Deep neural networks have been widely adopted in recent years, exhibiting impressive performances in several application domains. It has however been shown that they can be fooled by adversarial examples, i.e., images altered by a barely-perceivable adversarial noise, carefully crafted to mislead classification. In this work, we aim to evaluate the extent to which robot-vision systems embodying deep-learning algorithms are vulnerable to adversarial examples, and propose a computationally efficient countermeasure to mitigate this threat, based on rejecting classification of anomalous inputs. We then provide a clearer understanding of the safety properties of deep networks through an intuitive empirical analysis, showing that the mapping learned by such networks essentially violates the smoothness assumption of learning algorithms. We finally discuss the main limitations of this work, including the creation of real-world adversarial examples, and sketch promising research directions.