Attack to Explain Deep Representation

Mohammad A.A.K. Jalwana, Naveed Akhtar, Mohammed Bennamoun, Ajmal Mian

Research output: Chapter in Book/Conference paperConference paperpeer-review

8 Citations (Scopus)

Abstract

Deep visual models are susceptible to extremely low magnitude perturbations to input images. Though carefully crafted, the perturbation patterns generally appear noisy, yet they are able to perform controlled manipulation of model predictions. This observation is used to argue that deep representation is misaligned with human perception. This paper counter-Argues and proposes the first attack on deep learning that aims at explaining the learned representation instead of fooling it. By extending the input domain of the manipulative signal and employing a model faithful channelling, we iteratively accumulate adversarial perturbations for a deep model. The accumulated signal gradually manifests itself as a collection of visually salient features of the target label (in model fooling), casting adversarial perturbations as primitive features of the target label. Our attack provides the first demonstration of systematically computing perturbations for adversarially non-robust classifiers that comprise salient visual features of objects. We leverage the model explaining character of our algorithm to perform image generation, inpainting and interactive image manipulation by attacking adversarially robust classifiers. The visually appealing results across these applications demonstrate the utility of our attack (and perturbations in general) beyond model fooling.

Original languageEnglish
Title of host publicationProceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition
Place of PublicationUSA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages9540-9549
Number of pages10
DOIs
Publication statusPublished - 2020
Event2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2020 - Virtual, Online, United States
Duration: 14 Jun 202019 Jun 2020

Publication series

NameProceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition
PublisherIEEE, Institute of Electrical and Electronics Engineers
ISSN (Print)1063-6919

Conference

Conference2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2020
Country/TerritoryUnited States
CityVirtual, Online
Period14/06/2019/06/20

Fingerprint

Dive into the research topics of 'Attack to Explain Deep Representation'. Together they form a unique fingerprint.

Cite this