Uncertainty-weighted Loss Functions for Improved Adversarial Attacks on Semantic Segmentation
This work addresses the security of semantic segmentation systems, which is crucial for applications like autonomous driving, but it is incremental as it builds on existing adversarial attack methods.
The paper tackles the vulnerability of semantic segmentation models to adversarial attacks by introducing uncertainty-weighted loss functions that prioritize easily perturbable pixels and ignore confidently misclassified ones, resulting in significantly improved perturbation performance across multiple datasets and models.
State-of-the-art deep neural networks have been shown to be extremely powerful in a variety of perceptual tasks like semantic segmentation. However, these networks are vulnerable to adversarial perturbations of the input which are imperceptible for humans but lead to incorrect predictions. Treating image segmentation as a sum of pixel-wise classifications, adversarial attacks developed for classification models were shown to be applicable to segmentation models as well. In this work, we present simple uncertainty-based weighting schemes for the loss functions of such attacks that (i) put higher weights on pixel classifications which can more easily perturbed and (ii) zero-out the pixel-wise losses corresponding to those pixels that are already confidently misclassified. The weighting schemes can be easily integrated into the loss function of a range of well-known adversarial attackers with minimal additional computational overhead, but lead to significant improved perturbation performance, as we demonstrate in our empirical analysis on several datasets and models.