Date: 2017-11-03
The good people at MIT’s Computer Science and Artificial Intelligence Laboratory [CSAIL] have found a way of tricking Google’s InceptionV3 image classifier into seeing a rifle where there actually is a turtle. This is achieved by presenting the classifier with what are called ‘adversarial examples’.
Adversarial examples are a proven concept for 2D stills. In 2014 [Goodfellow], [Shlens] and [Szegedy] added imperceptible noise to the image of a panda that from then on was classified as a gibbon. This method relies on the image being undisturbed and can be overcome by zooming, blurring or rotating the image.
The applicability for real-world shenanigans has been seriously limited, but this changes everything. This weaponized turtle is a color 3D print that is reliably misclassified by the algorithm from any point of view. To achieve this, some knowledge about the classifier is required to generate misleading input. Image transformations such as rotation, scaling and skewing, but also color corrections and even print errors, are applied to the input, and the result is then optimized to reliably mislead the algorithm. The whole process is documented in [CSAIL]’s paper on the method.
What this amounts to is camouflage from machine vision. Assuming that the method also works the other way around, the possibility of disguising guns (or anything else) as turtles has serious implications for automated security systems.
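The fragility of the 2D noise described above also gives a defender a cheap check: classify the input under a few mild transformations and flag it when the labels disagree. The sketch below is an added example, not code from the article or from [CSAIL]’s paper; the 16-pixel linear classifier, its weights and the sample inputs are all constructed for illustration.

```python
# Toy stand-in for an image classifier: a fixed linear model over a
# 16-pixel 1-D "image". Weights and inputs are constructed for this example.
N = 16
WEIGHTS = [-0.1 + 3.0 * (-1) ** i for i in range(N)]  # leans on fine detail

def classify(img):
    score = sum(w * p for w, p in zip(WEIGHTS, img))
    return "gibbon" if score > 0 else "panda"

def blur(img):
    # 3-tap [1/4, 1/2, 1/4] blur with the edge pixels replicated
    padded = [img[0]] + list(img) + [img[-1]]
    return [0.25 * padded[i] + 0.5 * padded[i + 1] + 0.25 * padded[i + 2]
            for i in range(len(img))]

def shift(img):
    # translate one pixel to the right, replicating the left edge
    return [img[0]] + list(img[:-1])

TRANSFORMS = {"identity": lambda im: list(im), "blur": blur, "shift": shift}

def labels_under_transforms(img):
    # label assigned to each transformed copy of the input
    return {name: classify(t(img)) for name, t in TRANSFORMS.items()}

def is_suspicious(img):
    # flag inputs whose label is not stable under mild transformations
    return len(set(labels_under_transforms(img).values())) > 1

def add_sign_noise(img, eps):
    # per-pixel noise of size eps that follows the sign of each weight,
    # a toy version of the small 2D perturbation on the panda image
    return [p + eps * (1 if w > 0 else -1) for p, w in zip(img, WEIGHTS)]

CLEAN = [0.5] * N                    # constructed flat grey input
NOISY = add_sign_noise(CLEAN, 0.02)  # at most 0.02 change per pixel

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("noisy", NOISY)):
        print(name, labels_under_transforms(img),
              "flagged:", is_suspicious(img))
```

An object optimized across the transformations themselves, as the article describes for the turtle, would keep its label under all three and pass this check.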
As this turtle targets the Inception algorithm, it should be able to fool the DIY image recognition talkbox that Hackaday’s own [Steven Dufresne] built.
Thanks to [Adam] for the tip.
22 thoughts on “Google’s Inception Sees This Turtle as a Gun; Image Recognition Camouflage”
I’m wondering what will happen with the self-driving cars and trucks, if somebody will make some camouflage roads or something, better to learn the lesson now than later, I guess…
Surely you’d be building camouflaged walls, which you move in front of security trucks which now operate without a driver, because that’s safer for all involved?
Sometimes I wonder it’s a good thing I’m not a terrorist.
I’m thinking of Wile E. Coyote painting a road tunnel on the face of a cliff.
Even if self driving cars make terror attacks easy and the number of people killed from them each year increases significantly, there could still be a very large net reduction in deaths because everyday accidents would be less frequent. But the odd thing about us humans is we tend to care more about HOW people die than how MANY people die.
Which do you think would be more effective to repel the self drivers, covering your car in red octagons or mirror chrome vinyl wrap so they think they’re about to have a head on collision with themselves?
It will be illegal, just like putting an invisible film over your license plate to fool traffic cameras is illegal.
This is probably the best demonstration I’ve seen yet that neural network vision systems clearly haven’t copied a real brain. I’m seriously puzzled about what the network IS using to identify the toy turtle as a rifle. The “Cat = guacamole” one is even weirder – clearly the network isn’t using the most obvious feature of guacamole, namely, its greenness.
If I had to guess, I’d say it’s mistaking the tortoiseshell pattern for a burr walnut stock and the flippers for magazines.
Whatever it is though, gives you real nerves about this sort of thing happening to a toddler over a stuffed turtle…
Reminds me of the time Tesla autopilot mistook the side of a semi truck for empty sky and the driver died. Clearly these algorithms are missing a lot of contextual cues that are obvious to humans.
To be fair the autopilot had already prompted the human to take over numerous times and was basically in this mode…
Kind of a counter to all those AI fears, and yes hopes, because it shows at least a little what AI really is, as well as how far it needs to go.