Watch out! Motion is blurring the vision of your deep neural networks

Author

Qing GUO
Felix JUEFEI-XU
Xiaofei XIE, Singapore Management UniversityFollow
Lei MA
Jian WANG
Bing YU
Wei FENG
Yang LIU

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

12-2020

Abstract

The state-of-the-art deep neural networks (DNNs) are vulnerable to adversarial examples with additive random noise-like perturbations. While such examples are hardly found in the physical world, the image blurring effect caused by object motion, on the other hand, commonly occurs in practice, making the study of which greatly important especially for the widely adopted real-time image processing tasks (e.g., object detection, tracking). In this paper, we initiate the first step to comprehensively investigate the potential hazards of blur effect for DNN, caused by object motion. We propose a novel adversarial attack method that can generate visually natural motion-blurred adversarial examples, named motion-based adversarial blur attack (ABBA). To this end, we first formulate the kernel-prediction-based attack where an input image is convolved with kernels in a pixel-wise way, and the misclassification capability is achieved by tuning the kernel weights. To generate visually more natural and plausible examples, we further propose the saliency-regularized adversarial kernel prediction, where the salient region serves as a moving object, and the predicted kernel is regularized to achieve visual effects that are natural. Besides, the attack is further enhanced by adaptively tuning the translations of object and background. A comprehensive evaluation on the NeurIPS’17 adversarial competition dataset demonstrates the effectiveness of ABBA by considering various kernel sizes, translations, and regions. The in-depth study further confirms that our method shows more effective penetrating capability to the state-of-the-art GAN-based deblurring mechanisms compared with other blurring methods. We release the code to https://github.com/tsingqguo/ABBA.

Discipline

OS and Networks | Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

Proceedings of the 34th Conference on Neural Information Processing Systems, NeurIPS 2020, Vancouver, Canada, December 6-12

Volume

33

First Page

1

Last Page

11

Publisher

NIPSF

City or Country

Virtual Conference

Citation

GUO, Qing; JUEFEI-XU, Felix; XIE, Xiaofei; MA, Lei; WANG, Jian; YU, Bing; FENG, Wei; and LIU, Yang. Watch out! Motion is blurring the vision of your deep neural networks. (2020). Proceedings of the 34th Conference on Neural Information Processing Systems, NeurIPS 2020, Vancouver, Canada, December 6-12. 33, 1-11.
Available at: https://ink.library.smu.edu.sg/sis_research/7108

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://proceedings.neurips.cc/paper/2020/hash/0a73de68f10e15626eb98701ecf03adb-Abstract.html