Breaking Deep Learning Systems With Adversarial Examples | Two Minute Papers #43

Two Minute Papers · Intermediate ·🧬 Deep Learning ·10y ago

Key Takeaways

The video discusses adversarial examples in deep learning systems, demonstrating how carefully crafted input images can fool neural networks into misclassifying them, using techniques such as adding noise patterns to original images.

Full Transcript

Dear Fellow Scholars, this is Two Minute Papers with Károly Zsolnai-Fehér. Artificial neural networks are computer programs that try to approximate what the human brain does to solve problems like recognizing objects in images. In this piece of work, the authors analyze the properties of these neural networks and try to unveil what exactly makes them think that the paper towel is a paper towel, and, building on this knowledge, try to fool these programs.

Let's have a look at this example. One can grab this input image and this noise pattern and add these two images together, similarly as one would add two numbers together. The operation yields the image you see here. I think it's fair to say that the difference is barely perceptible for the human eye. Not so much for neural networks, because the input image we started with is classified correctly as a bus, and the image that you see on the right is classified as an ostrich. In simple terms: bus plus noise equals an ostrich. These two images look almost exactly the same, but the neural networks see them quite differently. We call these examples adversarial examples because they are designed to fool these image recognition programs.

In machine learning research, there are common data sets to test different classification techniques on. One of the best-known examples is the MNIST handwriting data set. It is basically a bunch of images depicting handwritten numbers that machine learning algorithms have to recognize. Long ago, this used to be a difficult problem, but nowadays any half-decent algorithm can guess the numbers correctly more than 99% of the time after learning for just a few seconds.

Now we'll see that these adversarial examples are not created by chance. If we add a lot of random noise to these images, they get quite difficult to recognize. Let's engage in modesty and say that I myself, as a human, can recognize approximately half of them, but only if I look closely and maybe even squint. A neural network can guess this correctly approximately 50% of the time as well, which is a quite respectable result. Therefore, adding random noise is not really fooling the neural networks. However, if you look at these adversarial examples in the even columns, you see how carefully they are crafted, as they look very similar to the original images, but the classification accuracy of the neural network on these examples is 0%. You heard it correctly: it gets it wrong basically all the time.

The take-home message is that carefully crafted adversarial examples can be used to fool deep neural networks reliably. You can watch them flounder on many hilarious examples to your enjoyment. "My dear sir, the Queen wears a shower cap, you say? I beg your pardon!"

If you would like to support Two Minute Papers, we are available on Patreon and offer really cool perks for our Fellow Scholars. For instance, you can watch each episode around 24 hours in advance, or even decide the topic of the next episodes. How cool is that? If you're interested, just click on the box below on the screen. Thanks for watching and for your generous support, and I'll see you next time!

Original Description

Artificial neural networks are computer programs that try to approximate what the human brain does to solve problems like recognizing objects in images. In this piece of work, the authors analyze the properties of these neural networks and try to unveil what exactly makes them think that a paper towel is a paper towel, and, building on this knowledge, try to fool these programs. Carefully crafted adversarial examples can be used to fool deep neural networks reliably.

The paper "Intriguing properties of neural networks" is available here: http://arxiv.org/abs/1312.6199
The paper "Explaining and Harnessing Adversarial Examples" is available here: http://arxiv.org/abs/1412.6572

Image credits:
Thumbnail image - https://www.flickr.com/photos/healthblog/8384110298 (CC BY-SA 2.0)
Shower cap - Code Words / Julia Evans - https://codewords.recurse.com/issues/five/why-do-neural-networks-think-a-panda-is-a-vulture
MNIST - hxhl95

Andrej Karpathy's online convolutional neural network: http://cs.stanford.edu/people/karpathy/convnetjs/demo/cifar10.html

Subscribe if you would like to see more of these! - http://www.youtube.com/subscription_center?add_user=keeroyz

Splash screen/thumbnail design: Felícia Fehér - http://felicia.hu

Károly Zsolnai-Fehér's links:
Patreon → https://www.patreon.com/TwoMinutePapers
Facebook → https://www.facebook.com/TwoMinutePapers/
Twitter → https://twitter.com/karoly_zsolnai
Web → https://cg.tuwien.ac.at/~zsolnai/

This video teaches how adversarial examples can be used to fool deep neural networks, and why this is a significant problem in machine learning research. By understanding how to craft these examples, researchers can better evaluate the robustness of their models.

Key Takeaways
  1. Add noise patterns to original images to create adversarial examples
  2. Evaluate the classification accuracy of neural networks on these examples
  3. Compare the performance of neural networks on original and adversarial images
  4. Analyze the properties of neural networks that make them vulnerable to adversarial examples
💡 Carefully crafted adversarial examples can be used to reliably fool deep neural networks, highlighting the need for more robust models and evaluation techniques.
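
The contrast between random noise and crafted noise at the same per-pixel budget, as an added robustness check (not code from the video or the linked papers). It assumes a nearest-class-mean linear classifier on constructed 100-pixel vectors in place of a deep network and uses the gradient-sign step from "Explaining and Harnessing Adversarial Examples"; all names and constants are illustrative.

```python
import random

DIM, M, SIGMA, EPS = 100, 0.1, 0.3, 0.2  # constructed toy setup; EPS is below the pixel noise SIGMA

def make_data(rng, pattern, n):
    """n labelled vectors: label y in {-1,+1}, x = y*M*pattern + Gaussian pixel noise."""
    labels = [1 if i % 2 == 0 else -1 for i in range(n)]
    return [([y * M * p + rng.gauss(0, SIGMA) for p in pattern], y) for y in labels]

def fit_linear(train):
    """Nearest-class-mean linear classifier: returns weights w and bias b."""
    pos = [x for x, y in train if y == 1]
    neg = [x for x, y in train if y == -1]
    mp = [sum(c) / len(pos) for c in zip(*pos)]
    mn = [sum(c) / len(neg) for c in zip(*neg)]
    w = [a - b for a, b in zip(mp, mn)]
    b = -sum(wi * (a + c) / 2 for wi, a, c in zip(w, mp, mn))
    return w, b

def predict(w, b, x):
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else -1

def sign(v):
    return (v > 0) - (v < 0)

def gradient_sign_perturb(w, x, y):
    """Step EPS per pixel along sign(d loss / d x); for a linear score that is -y*sign(w)."""
    return [xi - EPS * y * sign(wi) for xi, wi in zip(x, w)]

def random_perturb(rng, x):
    """Same per-pixel budget EPS, but with a random sign per pixel."""
    return [xi + EPS * rng.choice((-1, 1)) for xi in x]

def accuracy(w, b, samples):
    return sum(predict(w, b, x) == y for x, y in samples) / len(samples)

def run_experiment(seed=0):
    rng = random.Random(seed)
    pattern = [rng.choice((-1, 1)) for _ in range(DIM)]
    w, b = fit_linear(make_data(rng, pattern, 200))
    test = make_data(rng, pattern, 200)
    return {
        "clean": accuracy(w, b, test),
        "random_noise": accuracy(w, b, [(random_perturb(rng, x), y) for x, y in test]),
        "adversarial": accuracy(w, b, [(gradient_sign_perturb(w, x, y), y) for x, y in test]),
    }

if __name__ == "__main__":
    print(run_experiment())
```

Reporting all three accuracies at one fixed budget is what separates noise tolerance from worst-case robustness: a model that passes only the random-noise test has not been shown to be robust.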
