adversarial camera stickers a physical camera based
play

Adversarial camera stickers: A physical camera-based attack on deep - PowerPoint PPT Presentation

Sep 24, 2022 •210 likes •375 views

Adversarial camera stickers: A physical camera-based attack on deep learning systems Adversarial camera stickers: A physical camera-based attack on deep learning systems Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter Bosch Center for

  1. Adversarial camera stickers: A physical camera-based attack on deep learning systems Adversarial camera stickers: A physical camera-based attack on deep learning systems Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter Bosch Center for Artificial Intelligence 1 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  2. Adversarial attacks: not just a digital problem All existing physical attacks modify the object . Sharif et al., 2016 Etimov et al., 2017 Athalye et al., 2017 2 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  3. QUESTION All existing physical attacks modify the object , but is it possible instead to fool deep classifiers by modifying the camera ? 3 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  4. This paper: A physical adversarial camera attack • We show it is indeed possible to create visually inconspicuous modifications to a camera that fool deep classifiers • Uses a small specially-crafted translucent sticker, placed upon camera lens • The adversarial attack is universal , meaning that a single perturbation can fool the classifier for a given object class over multiple viewpoints and scales 4 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  5. The challenge of physical sticker attacks The challenge Our solution • (Inconspicuous) physical stickers • A differentiable model of sticker are extremely limited in their perturbations, based upon alpha resolution (can only create blurry blending of blurred image overlays dots over images) • Use gradient descent to both fit the • Need to both learn a model of perturbation model to observed data, allowable perturbations and create and construct an adversarial attack the adversarial image 5 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  6. Methodology • Attack model consists of smoothed alpha blend between observed image and some fixed color (iterated to produce multiple dots) The Transparent Sticker • Parameters of attack include color c , dot position ( x c , y c ) and bandwidth σ • Key idea: use gradient descent over some parameters (e.g., color, bandwidth) to fit model to observed physical images, over other parameters (e.g. location) to maximize loss • 6 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  7. How does a dot look like through camera lense? Clean Camera View Red Dot Resulting Blur Simulated Blur 8 7 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  8. Results: Virtual Evaluation Table 1. Performance of our 6-dot attacks on ImageNet test set Class Attack Prediction Correct Target Other Keyboard No 85% 15% Mouse Yes 48% 16% 36% Street sign No 64% 36% Guitar Pick Yes 32% 34% 34% Street sign No 64% 36% Yes 50 random classes 18% 49% 33% 50 random classes No 74% 26% Yes 50 random classes 42% 27% 31% 8 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  9. 9 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  10. 10 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  11. This is a ResNet-50 model implemented with PyTorch deployed on a Logitech C920 WebCam with clear lense. It can recognize street sign at different angles with only minor errors. 11 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  12. Now we cover the camera with our adversarial sticker made by our proposed method to achieve the targeted attack. This should make a “street sign” misclassified as a “guitar pick”. 12 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  13. The Sticker results in very inconspicuous blurs in the view. We can achieve targeted attack most of the time at different angles and with different distances. 13 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  14. Results: Real World Evaluation Prediction Original Target Class class Correct Target Other Mouse 271 548 181 Keyboard Space bar 320 522 158 Guitar Pick 194 605 201 Street sign Envelope 222 525 253 Coffee Candle 330 427 243 mug Table 2. Fooling performance of the our method on two 1000 frame videos of a computer keyboard and a stop sign, viewed through a camera with an adversarial sticker placed on it targeted for these attacks. 14 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

  15. ICML 2019, Long Beach California, 6/11/2019 Summary • Adversarial attacks don’t need to modify every object in the world to fool a deployed deep classifier, they just need to modify the camera • Implications in self-driving cars, security systems, many other domains To find out more, come see our poster Pacific Ballroom #65 at on Tuesday, Jun 11th 06:30-09:00 15 Juncheng B. Li, Frank R. Schmidt, J. Zico Kolter | Bosch Center for Artificial Intelligence

Recommend

# Camera camera = Camera.open(); Camera camera

# Camera camera = Camera.open(); Camera camera

# Camera camera = Camera.open(); Camera camera = Camera.open(); camera.setDisplayOrientation(90); camera.setDisplayOrientation(90); camera.unlock(); SurfaceHolder holder = getHolder();

1.34k views • 45 slides
# Camera camera = Camera.open();

# Camera camera = Camera.open();

# Camera camera = Camera.open(); Camera camera = Camera.open(); camera.setDisplayOrientation(90); camera.setDisplayOrientation(90); camera.unlock(); SurfaceHolder holder =

819 views • 33 slides
Basics of Off-Camera Flash Off-Camera Flash www.jedi.com * What is it & why do we use it? *

Basics of Off-Camera Flash Off-Camera Flash www.jedi.com * What is it & why do we use it? *

Basics of Off-Camera Flash Off-Camera Flash www.jedi.com * What is it & why do we use it? * Bouncing on-camera flash to emulate off-camera light * True off-camera flash * Basic examples * Trigger mechanisms * Controlling the amount of

144 views • 11 slides
Camera Rongkai Guo Why Camera First? Games have their own visual rules Contrary to other

Camera Rongkai Guo Why Camera First? Games have their own visual rules Contrary to other

Camera Rongkai Guo Why Camera First? Games have their own visual rules Contrary to other kinds of camera Difficult and Expensive to change a poorly designed camera Rules are needed to govern the camera through the whole game

341 views • 10 slides
Other Camera Controls The LookAt function is only for positioning camera Other ways to

Other Camera Controls The LookAt function is only for positioning camera Other ways to

Other Camera Controls The LookAt function is only for positioning camera Other ways to specify camera position/movement Yaw, pitch, roll Elevation, azimuth, twist Direction angles Flexible Camera Control Sometimes, we

717 views • 26 slides
Other Camera Controls The LookAt function is only for positioning camera Other ways to

Other Camera Controls The LookAt function is only for positioning camera Other ways to

Other Camera Controls The LookAt function is only for positioning camera Other ways to specify camera position/movement Yaw, pitch, roll Elevation, azimuth, twist Direction angles Flexible Camera Control Sometimes, we want

941 views • 29 slides
holder.addCallback(this); holder.setType(SurfaceHolder.STP); MediaRecorder r = new

holder.addCallback(this); holder.setType(SurfaceHolder.STP); MediaRecorder r = new

Camera camera = Camera.open(); Camera camera = Camera.open(); camera.setDisplayOrientation(90); camera.setDisplayOrientation(90); camera.unlock(); SurfaceHolder holder = getHolder(); holder.addCallback(this);

324 views • 21 slides
Humanoid Robotics Camera Parameters Maren Bennewitz What is Camera Calibration? A camera

Humanoid Robotics Camera Parameters Maren Bennewitz What is Camera Calibration? A camera

Humanoid Robotics Camera Parameters Maren Bennewitz What is Camera Calibration? A camera projects 3D world points onto the 2D image plane Calibration : Find the internal quantities of the camera that affect this process Image center

908 views • 45 slides
Humanoid Robotics Camera Parameters Maren Bennewitz What is Camera Calibration? A camera

Humanoid Robotics Camera Parameters Maren Bennewitz What is Camera Calibration? A camera

Humanoid Robotics Camera Parameters Maren Bennewitz What is Camera Calibration? A camera projects 3D world points onto the 2D image plane Calibration : Find the internal quantities of the camera that affect this process Image

527 views • 48 slides
Mars Image-based Modeling and Rendering Mars Rovers have 3 cameras Panoramic Camera

Mars Image-based Modeling and Rendering Mars Rovers have 3 cameras Panoramic Camera

Mars Image-based Modeling and Rendering Mars Rovers have 3 cameras Panoramic Camera Hazard Identification Camera Navigation Camera Testing the roll-off on the ground at the JPL Mars Yard sandbox. 1 Panorama Camera

471 views • 8 slides
Multi-view geometry Slides from L. Lazebnik Structure from motion Camera 1 Camera 3 Camera 2 R

Multi-view geometry Slides from L. Lazebnik Structure from motion Camera 1 Camera 3 Camera 2 R

Multi-view geometry Slides from L. Lazebnik Structure from motion Camera 1 Camera 3 Camera 2 R 1 ,t 1 R 3 ,t 3 R 2 ,t 2 Figure credit: Noah Snavely Structure from motion ? Camera 1 Camera 3 Camera 2 R 1 ,t 1 R 3 ,t 3 R 2 ,t 2

526 views • 40 slides
Camera and Scene Setup Where to put the camera? How much to show within the frame? When to move

Camera and Scene Setup Where to put the camera? How much to show within the frame? When to move

Camera and Scene Setup Where to put the camera? How much to show within the frame? When to move the camera? Camera Position Catch the most expressive aspect No unintentional surprises How much to show? long shot medium shot closeups

506 views • 15 slides
How to improve the image of a camera obscura (pin-hole camera) an inquiry-based approach from

How to improve the image of a camera obscura (pin-hole camera) an inquiry-based approach from

Joachim Gretsch & Nadine Reddersen Gymnasium Andreanum Hildesheim, Germany How to improve the image of a camera obscura (pin-hole camera) an inquiry-based approach from the middle school optics curriculum. How to improve the image of a

538 views • 25 slides
Overview Simple camera is limiting and it is necessary to model a camera that can be moved

Overview Simple camera is limiting and it is necessary to model a camera that can be moved

General Camera Overview Simple camera is limiting and it is necessary to model a camera that can be moved We will define parameters for a camera in terms of where it is, the direction it points and the direction it considers to

390 views • 7 slides
Digital cameras and Imaging! CSE467 1 Today: Pinhole camera Film camera Digital

Digital cameras and Imaging! CSE467 1 Today: Pinhole camera Film camera Digital

Digital cameras and Imaging! CSE467 1 Today: Pinhole camera Film camera Digital camera Sensor types Signal chain Demo project Let Lets build a camera CSE467 2 1 Camera trial #1 film scene Put a piece of film

686 views • 27 slides
Camera to camera communication Why it is unique Descript ion Use cases Feat ures Hive LPR

Camera to camera communication Why it is unique Descript ion Use cases Feat ures Hive LPR

Camera to camera communication Why it is unique Descript ion Use cases Feat ures Hive LPR camera applications Hive is a Vehicle Access Control S ystem which constitutes one Master Camera that manages up to 3 S lave Cameras No PC or

642 views • 8 slides
Advanced Camera Control From Introduction to: M. Haigh-Hutchinson, IMGD 4000 Real-Time Cameras:

Advanced Camera Control From Introduction to: M. Haigh-Hutchinson, IMGD 4000 Real-Time Cameras:

3/31/2016 Note: if you dont notice camera, then it is working well! An ideal virtual camera system, regardless of genre, is notable by the lack of attention given to it by the viewer Advanced Camera Control From Introduction to: M.

513 views • 7 slides
1 Pinhole camera in 2D Distant objects are smaller (with reflected image plane) Size is

1 Pinhole camera in 2D Distant objects are smaller (with reflected image plane) Size is

Camera Obscura Cameras (Reading: Chapter 1) Goal: understand how images are formed Camera obscura dates from 15 th century Basic abstraction is the pinhole camera Perspective projection is a simple mathematical "When images

442 views • 5 slides
Human Body Recogni6on and Tracking: Kinect RGB-D Camera How the Kinect RGB-D Camera Works

Human Body Recogni6on and Tracking: Kinect RGB-D Camera How the Kinect RGB-D Camera Works

Human Body Recogni6on and Tracking: Kinect RGB-D Camera How the Kinect RGB-D Camera Works MicrosoC Kinect for Xbox 360 aka Kinect 1 (2010) Color video camera + laser- projected IR dot paUern + IR camera IR laser projector

389 views • 11 slides
Camera Calibration (Compute Camera Matrix P) Shao-Yi Chien Department of Electrical

Camera Calibration (Compute Camera Matrix P) Shao-Yi Chien Department of Electrical

Camera Calibration (Compute Camera Matrix P) Shao-Yi Chien Department of Electrical Engineering National Taiwan University Fall 2019 1 Outline Camera calibration [Slides credit: Marc Pollefeys] 2 Resectioning X P ? x i

492 views • 36 slides
2 At Home: Kinect IR Camera RGB Camera There are some problems with cameras 3 Illumination

2 At Home: Kinect IR Camera RGB Camera There are some problems with cameras 3 Illumination

2 At Home: Kinect IR Camera RGB Camera There are some problems with cameras 3 Illumination 4 Occlusion 5 Bandwidth 6 Power Consumtion 7 Cost 8 Privacy? 9 Other Sensing Methods? Vision is one of our main senses What else

706 views • 55 slides
Image Formation CPSC 453 Fall 2018 Sonny Chan Outline for Today The Camera Obscura

Image Formation CPSC 453 Fall 2018 Sonny Chan Outline for Today The Camera Obscura

Image Formation CPSC 453 Fall 2018 Sonny Chan Outline for Today The Camera Obscura The geometry of perspective The anatomy of a camera The Camera Obsura ca. 4th century BC Camera Obscura, 1946 San Francisco, California Camera

711 views • 49 slides
Designing All Sky Camera for Designing All Sky Camera for the AMISR the AMISR REU Student :

Designing All Sky Camera for Designing All Sky Camera for the AMISR the AMISR REU Student :

Designing All Sky Camera for Designing All Sky Camera for the AMISR the AMISR REU Student : Raktim Sarma Mentor : Dr. Qian Wu Programming Guide : Alice Lecinski High Altitude Observatory ( HAO) Outline

1.52k views • 22 slides
Camera Models Shao-Yi Chien Department of Electrical Engineering National Taiwan

Camera Models Shao-Yi Chien Department of Electrical Engineering National Taiwan

Camera Models Shao-Yi Chien Department of Electrical Engineering National Taiwan University Fall 2019 1 Outline Camera models [Slides credit: Marc Pollefeys] 2 Camera Obscura: the Pre-Camera First idea: Mo-Ti, China (470BC

571 views • 37 slides

More recommend