Interactive Analysis of CNN Robustness
This addresses the issue of CNN robustness for machine learning researchers and practitioners, but it is incremental as it builds on existing tools and methods for analyzing model vulnerabilities.
The paper tackles the problem of CNN sensitivity to input perturbations by presenting Perturber, a web-based tool for interactive exploration of CNN vulnerabilities, which helped users generate hypotheses and yielded new insights about adversarially trained models through quantitative analyses.
While convolutional neural networks (CNNs) have found wide adoption as state-of-the-art models for image-related tasks, their predictions are often highly sensitive to small input perturbations, which the human vision is robust against. This paper presents Perturber, a web-based application that allows users to instantaneously explore how CNN activations and predictions evolve when a 3D input scene is interactively perturbed. Perturber offers a large variety of scene modifications, such as camera controls, lighting and shading effects, background modifications, object morphing, as well as adversarial attacks, to facilitate the discovery of potential vulnerabilities. Fine-tuned model versions can be directly compared for qualitative evaluation of their robustness. Case studies with machine learning experts have shown that Perturber helps users to quickly generate hypotheses about model vulnerabilities and to qualitatively compare model behavior. Using quantitative analyses, we could replicate users' insights with other CNN architectures and input images, yielding new insights about the vulnerability of adversarially trained models.