1. Introduction
The rise of Convolutional Neural Networks (CNNs) has seen huge successes in the field of computer vision. The data-driven end-to-end pipeline in which CNNs learn on images has proven to get the best results in a wide range of computer vision tasks. Due to the depth of these architectures, neural networks are able to learn very basic filters at the bottom of the network (where the data comes in) to very abstract high level features at the top. To do this, a typical CNN contains millions of learned parameters. While this approach results in very accurate models, the interpretability decreases dramatically.
Understanding exactly why a network classifies an image of a person as a person is very hard. The network has learned what a person looks likes by looking at many pictures of other persons. By evaluating the model we can determine how well the model work for person detection by comparing it to human annotated images. Evaluating the model in such a way however only tells us how well a detector performs on a certain test set. This test set does not typically contain examples that are designed to steer the model in the wrong way, nor does it contains examples that are especially targeted to fool the model.
This is fine for applications where attacks are unlikely such as for instance fall detection for elderly people, but can pose a real issue in for instance security systems. A vulnerability in the person detection model of a security system might be used to circumvent a surveillance camera that is used for break in prevention in a building. In this paper we highlight the risks of such an attack on person detection systems. We create a small (around 40cm × 40cm) “adverserial patch” that is used as a cloaking device to hide people from object detectors.
18 Apr 2019
Simen Thys∗
simen.thys@student.kuleuven.be
Wiebe Van Ranst∗
wiebe.vanranst@kuleuven.be
Toon Goedem ́e
toon.goedeme@kuleuven.be
KU Leuven
EAVISE, Technology Campus De Nayer, KU Leuven, Belgium.
∗ Authors contributed equally to this paperSource code is available at: https://gitlab.com/ EAVISE/adversarial-yolo