Detecting Adversarial Perturbations in Multi-Task Perception
This work addresses the sensitivity of deep neural networks to adversarial attacks in practical applications such as autonomous driving, though it is incremental in that it builds on existing multi-task perception methods.
The paper tackles the problem of adversarial perturbation detection in multi-task perception by proposing a detection scheme based on inconsistencies between edges from input images, depth outputs, and segmentation outputs, achieving up to 100% correct detection at a 5% false positive rate depending on perturbation strength.
While deep neural networks (DNNs) achieve impressive performance on environment perception tasks, their sensitivity to adversarial perturbations limits their use in practical applications. In this paper, we (i) propose a novel adversarial perturbation detection scheme based on multi-task perception of complex vision tasks (i.e., depth estimation and semantic segmentation). Specifically, adversarial perturbations are detected by inconsistencies between extracted edges of the input image, the depth output, and the segmentation output. To further improve this technique, we (ii) develop a novel edge consistency loss between all three modalities, thereby improving their initial consistency, which in turn supports our detection scheme. We verify our detection scheme's effectiveness by employing various known attacks and image noises. In addition, we (iii) develop a multi-task adversarial attack, aiming at fooling both tasks as well as our detection scheme. Experimental evaluation on the Cityscapes and KITTI datasets shows that, under an assumption of a 5% false positive rate, up to 100% of images are correctly detected as adversarially perturbed, depending on the strength of the perturbation. Code is available at https://github.com/ifnspaml/AdvAttackDet. A short video at https://youtu.be/KKa6gOyWmH4 provides qualitative results.
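The detection idea described above (score the disagreement between edges of the input image, the depth output and the segmentation output, then flag inputs whose score exceeds a threshold calibrated for a 5% false positive rate on clean data) can be sketched as follows. This is an added example, not code from the paper or its repository. The forward-difference edge extractor, the mean-absolute-difference score, the synthetic scenes and all function names are assumptions made for illustration.

```python
import random

def edges(m):
    """Gradient-magnitude edge map (forward differences), scaled to [0, 1]."""
    h, w = len(m), len(m[0])
    g = [[abs(m[y][min(x + 1, w - 1)] - m[y][x]) + abs(m[min(y + 1, h - 1)][x] - m[y][x])
          for x in range(w)] for y in range(h)]
    peak = max(max(row) for row in g) or 1.0
    return [[v / peak for v in row] for row in g]

def inconsistency(image, depth, seg):
    """Mean absolute edge-map difference, averaged over the three modality pairs."""
    e = [edges(image), edges(depth), edges(seg)]
    pairs = [(0, 1), (0, 2), (1, 2)]
    total = sum(abs(a - b) for i, j in pairs
                for ra, rb in zip(e[i], e[j]) for a, b in zip(ra, rb))
    return total / (len(pairs) * len(image) * len(image[0]))

def calibrate(clean_scores, fpr=0.05):
    """Pick the threshold that at most `fpr` of clean scores exceed."""
    s = sorted(clean_scores)
    return s[min(len(s) - 1, int((1 - fpr) * len(s)))]

def detect(score, threshold):
    return score > threshold

def scene(rng, shift=0, noise=0.01, size=12):
    """Constructed sample: one vertical object boundary visible in all three maps.
    `shift` moves the boundary in the two network outputs only, standing in for
    outputs that no longer agree with the input image (assumed, not a real attack)."""
    def step(col):
        return [[(1.0 if x >= col else 0.0) + rng.uniform(-noise, noise)
                 for x in range(size)] for _ in range(size)]
    return step(size // 2), step(size // 2 + shift), step(size // 2 + shift)

def evaluate(n=100, seed=0):
    """Return (threshold, clean false-positive rate, detection rate on shifted scenes)."""
    rng = random.Random(seed)
    clean = [inconsistency(*scene(rng)) for _ in range(n)]
    thr = calibrate(clean)
    shifted = [inconsistency(*scene(rng, shift=3)) for _ in range(n)]
    fp = sum(detect(s, thr) for s in clean) / n
    tp = sum(detect(s, thr) for s in shifted) / n
    return thr, fp, tp

if __name__ == "__main__":
    print(evaluate())
```

The threshold is fixed from clean scores alone, so the false positive rate is set before any perturbed input is seen; the detection rate then depends on how far the outputs' edges drift from the image's.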