the robustness of semantic segmentation models to adversarial attackscvpr18语义分割模型对抗性攻击鲁棒性.pdf

OntheRobustnessofSemanticSegmentationModelstoAdversarialAttacks

AnuragArnab1OndrejMiksik1,2PhilipH.S.Torr1

1UniversityofOxford2EmotechLabs

{anurag.arnab,ondrej.miksik,philip.torr}@eng.ox.ac.uk

ThisraisesdoubtsaboutDNNsbeingusedinsafety-critical

applicationssuchasdriverlessvehicles[36]ormedicaldi-

DeepNeuralNetworks(DNNs)havebeendemonstratedagnosis[21]sincethenetworkscouldinexplicablyclassify

toperformexceptionallywellonmostrecognitiontasksanaturalinputincorrectlyalthoughitisalmostidenticalto

suchasimageclassificationandsegmentation.However,examplesithasclassifiedcorrectlybefore(Fig.1).More-

theyhavealsobeenshowntobevulnerabletoadversarialover,itallowsthepossibilityofmaliciousagentsattacking

examples.Thisphenomenonhasrecentlyattractedalotofsystemsthatuseneuralnetworks[40,53,57,23].Hence,

attentionbutithasnotbeenextensivelystudiedonmulti-therobustnessofnetworksperturbedbyadversarialnoise

ple,large-scaledatasetsandcomplextaskssuchasseman-maybeasimportantasthepredictiveaccuracyoncleanin-

ticsegmentationwhichoftenrequiremorespecialisednet-puts.Andifmultiplemodelsachievecomparableperfor-

workswithadditionalcomponentssuchasCRFs,dilatedmance,weshouldalwaysconsiderdeployingtheonewhich

convolutions,skip-connectionsandmultiscaleprocessing.isinherentlymostrobusttoadversarialexamplesin(safety-

Inthispaper,wepresentwhattoourknowledgeisthe