Jesús Seijas - Fooling Computer Vision [rooted2018]

Computer Vision is one of the technologies that has grown fastest in the last 3 years, and enterprises are adopting it very quickly. Are our companies completely safe using these new technologies, or is there a way to fool them? We will see a brief introduction to how computer vision works internally, and different kinds of attacks: the One Pixel Attack, real-life stickers, adversarial gradients, and adversarial gradients in real life. Remember that self-driving cars are a reality: can our cars be fooled using these attacks?

Published in: Technology

  1. Fooling Computer Vision. Jesús Seijas, RootedCon 2018
  2. Who am I
  3. Morphing
  4. Autonomous Warfare. ACTUV is the largest autonomous vehicle in the world. It is an anti-submarine warfare vessel, and of course it has weapons.
  5. Neural Network
  6. Gradient Descent: SGD, Nesterov, Adam, Adagrad, Windowgrad, Adadelta
  7. What is Computer Vision
  8. ILSVRC Challenge: 1,200,000 training images, 1000 classes. [Chart: ILSVRC results by year, 2010 to 2016, vertical axis 0 to 25, with AlexNet marked.]
  9. Convolutional Neural Network. Convolution: dot product between two matrices.
  10. Convolutional Neural Network. Pooling: reducing the size of a matrix.
  11. Convolutional Neural Network
  12. Demo: Neural Network
  13. Attacks: risk by perturbation size (Small / Large) and setting (In Picture / In Real Life)
                    Small         Large
      In Picture    Low Risk      Low Risk
      In Real Life  Medium Risk   High Risk
  14. You can read 20+ papers or… Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey (Naveed Akhtar and Ajmal Mian)
  15. One Pixel Attack
  16. Stickers
  17. Stickers. Input size 32x32 px. Uses a custom topology, not that of a real autonomous car; the topology is too simple compared to a real one. No prior image filtering. No augmentation.
  18. Adversarial. Given an input image x, the output of the CNN is a probability distribution over labels. To build an adversarial example we choose a target label y' and look for an x' such that the probability the CNN assigns to y' is maximized. We also want the perturbation (the difference between x' and x) to be as small as possible, so we choose an epsilon that bounds it to a small change. Since we are talking about pixels with colours, we accept a minimal colour modification for each pixel, for example 2 out of 255.
  19. Adversarial
  20. Adversarial. Christian Szegedy, 2014, Research at Google
  21. Adversarial. Demo time!
  22. Adversarial. The generated adversarial example is not rotation invariant. But given a distribution of transformations (in this case, the possible rotations) we can run the gradient descent over each of them. This process is more complex than a simple adversarial example, and a GPU is needed to finish it in acceptable time. This training also requires more steps, and depending on the input and the desired class the resulting adversarial may end up with a lower probability for the target.
  23. Real Life Attacks
  24. Questions?
  25. Thank You!
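The formulation on slide 18 (maximize the probability of the target label y' while keeping every pixel within epsilon of the original, e.g. 2 out of 255), worked through as an added example; this is not code from the talk. The model is a toy two-class linear softmax with hand-set weights over a 32x32x3 input (an assumption standing in for a real CNN; with a real network the gradient would come from autograd rather than the closed form below), the "cat" image is constructed, and the budget, step size and step count (eps, alpha, steps) are illustrative parameters. It also shows why the per-pixel budget can be so small: the effect of the perturbation on the logits adds up over all 3072 input dimensions, so 2/255 per pixel flips a 99.8%-confident prediction here while 0.5/255 does not.

```python
import math

# Added example (not from the talk). A toy linear softmax "classifier" stands
# in for the CNN: the attack loop only needs the gradient of P(y' | x) with
# respect to the input, which a real network would supply through autograd.
HEIGHT, WIDTH, CHANNELS = 32, 32, 3
N_PIXELS = HEIGHT * WIDTH * CHANNELS  # 3072 input dimensions
CLASSES = ["cat", "dog"]


def col_of(i):
    """Column of flattened index i for a (row, col, channel) layout."""
    return (i // CHANNELS) % WIDTH


def build_toy_model():
    """Hand-set weights (an assumption, not a trained model): 'cat' responds to
    a bright left half and a dark right half, 'dog' to the opposite."""
    w_cat = [0.2 if col_of(i) < WIDTH // 2 else -0.2 for i in range(N_PIXELS)]
    w_dog = [-w for w in w_cat]
    return [w_cat, w_dog], [0.0, 0.0]


def build_toy_image():
    """Constructed input: a little brighter on the left (0.505) than on the
    right (0.495); the toy model is about 99.8% sure this is a 'cat'."""
    return [0.505 if col_of(i) < WIDTH // 2 else 0.495 for i in range(N_PIXELS)]


def logits(weights, bias, x):
    return [sum(w_i * x_i for w_i, x_i in zip(w, x)) + b
            for w, b in zip(weights, bias)]


def softmax(z):
    m = max(z)
    exps = [math.exp(v - m) for v in z]
    total = sum(exps)
    return [e / total for e in exps]


def predict(weights, bias, x):
    """Return (label, probability) of the most likely class."""
    p = softmax(logits(weights, bias, x))
    k = max(range(len(p)), key=p.__getitem__)
    return CLASSES[k], p[k]


def grad_log_prob(weights, bias, x, target):
    """d log P(target | x) / dx for a linear softmax model:
    W[target] - sum_k p_k * W[k]. Moving along it raises P(target | x)."""
    p = softmax(logits(weights, bias, x))
    return [weights[target][i] - sum(p[k] * weights[k][i] for k in range(len(p)))
            for i in range(len(x))]


def sign(v):
    return (v > 0) - (v < 0)


def targeted_attack(weights, bias, x, target, eps=2 / 255, alpha=0.5 / 255, steps=10):
    """Iterative targeted attack: signed-gradient steps that raise P(target | x'),
    each followed by a projection so that |x'_i - x_i| <= eps for every pixel
    (the per-pixel colour budget from the slide) and x' stays inside [0, 1]."""
    lo = [max(0.0, v - eps) for v in x]
    hi = [min(1.0, v + eps) for v in x]
    x_adv = list(x)
    for _ in range(steps):
        g = grad_log_prob(weights, bias, x_adv, target)
        x_adv = [min(hi[i], max(lo[i], x_adv[i] + alpha * sign(g[i])))
                 for i in range(len(x))]
    return x_adv


def run_demo(eps=2 / 255):
    """Attack the constructed 'cat' image towards 'dog' with budget eps."""
    weights, bias = build_toy_model()
    x = build_toy_image()
    x_adv = targeted_attack(weights, bias, x, CLASSES.index("dog"), eps=eps)
    return {
        "before": predict(weights, bias, x),
        "after": predict(weights, bias, x_adv),
        "max_delta": max(abs(a - b) for a, b in zip(x_adv, x)),
    }


if __name__ == "__main__":
    for eps in (0.5 / 255, 2 / 255):
        r = run_demo(eps)
        print(f"eps={eps * 255:.1f}/255  before={r['before']}  after={r['after']}  "
              f"max|x'-x|={r['max_delta']:.5f}")
```

The projection step is what keeps the result within the stated budget: without it, gradient ascent on P(y' | x') would simply paint the image into the target class. The same loop is the starting point for the rotation-robust variant on slide 22, where the gradient is averaged over sampled transformations of x' before each step.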