Instability of computer vision models is a necessary result of the task itself
This addresses a foundational problem in computer vision security, identifying inherent limitations rather than incremental improvements.
The paper argues that instability in computer vision models, leading to adversarial examples, is inevitable due to symmetries in data, categorical classification tasks, and discrepancies in image-object classification, exacerbated by non-exhaustive labeling. It proposes partial alleviation through methods like increasing image resolution and providing contextual information.
Adversarial examples resulting from instability of current computer vision models are an extremely important topic due to their potential to compromise any application. In this paper we demonstrate that instability is inevitable due to a) symmetries (translational invariance) of the data, b) the categorical nature of the classification task, and c) the fundamental discrepancy of classifying images as objects themselves. The issue is further exacerbated by non-exhaustive labelling of the training data. Therefore we conclude that instability is a necessary result of how the problem of computer vision is currently formulated. While the problem cannot be eliminated, through the analysis of the causes, we have arrived at ways how it can be partially alleviated. These include i) increasing the resolution of images, ii) providing contextual information for the image, iii) exhaustive labelling of training data, and iv) preventing attackers from frequent access to the computer vision system.