Evolutionary Algorithm Driven Explainable Adversarial Artificial Intelligence

It is well known that machine learning algorithms can be susceptible to undesirable effects when exposed to conditions that are not adequately represented in the training dataset. This has led to growing interest across many communities in one question: where do algorithms and trained models break? Recently, methods such as generative adversarial neural networks and variational autoencoders were proposed to create adversarial examples that challenge algorithms. These examples cause artificial intelligence to produce more false detections or to lose recognition completely. The problem is that existing solutions are, for the most part, black boxes. Current gaps include how to better control and understand adversarial algorithms. Herein, we propose the concept of an adversarial modifier set as an understandable and controlled way to generate adversarial examples. This is achieved by exploiting the improved evolution-constructed algorithm to identify ideal features that a victim algorithm values in imagery. These features are combined to realize a tuple library that preserves spatial relations. Last, a set of algorithmically controlled modifiers that generate the imagery is found by examining the content of the false imagery. Preliminary results are encouraging and demonstrate that this approach has benefits both in generating explainable adversarial examples and in providing some insight into victim algorithm decision making.
