Scientists demonstrate 'attacks that mislead image recognition functions' and may pose a threat to autonomous driving
The image recognition system installed in the autonomous driving system is a convenient one that automatically identifies road signs. However, as a result of experiments conducted by scientists considering the possibility of attacks on this system, it is demonstrated that 'the system can be misidentified by irradiating the road sign with a special light beam'. did.
Optical Adversarial Attack
Optical Adversarial Attack Can Change the Meaning of Road Signs --Unite.AI
Abhiram Gnanasambandam and colleagues at Purdue University irradiate uneven objects such as clothing and basketball and flat objects such as road signs with light rays mixed with noise to see how machine learning systems recognize them. Was carried out. Gnanasambandam et al. Named this light beam 'OPtical ADversarial Attack (OPAD)'.
An example of the experiment is below. According to Gnanasambandam et al., Basketball was correctly recognized in most situations, but it was recognized as a 'shield' only when OPAD was performed after correcting environmental factors such as backlight.
We also succeeded in making the system recognize that it is a speed limit sign of 'Speed 30' by performing OPAD on the stop sign displayed as 'STOP'.
In an experiment by Gnanasambandam et al., Of the 64 OPADs performed, 31 succeeded in misidentifying the system. 'It's difficult to make OPAD successful with bumpy objects, but flat-faced objects are ideal for OPAD,' said Gnanasambandam and colleagues. In addition, increasing the ISO sensitivity and increasing the amount of light also improved the recognition accuracy of the system, so OPAD may function only at night when the surroundings are dark.
In this experiment, it was assumed that the attacker could access the learning model of the system and that he could not access it and learned by himself, and he said that he succeeded in both. However, since the image recognition system used in the experiment is an open source system and is different from the system developed independently by the company, OPAD may not always succeed in a commercially available system.
Related Posts:
