Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid

•

1 like•777 views

This document discusses research into generating adversarial examples to attack the vision system of the iCub humanoid robot. The researchers were able to craft perturbed images that were misclassified by the robot despite being visually indistinguishable from the originals. They developed gradient-based optimization attacks to target specific misclassifications or induce any misclassification. Potential countermeasures include rejecting inputs that fall in the "blind spots" far from the training data. However, deep learning features are unstable, with small pixel changes mapping to large changes in the deep space. Future work aims to address this instability issue.

Engineering

http://pralab.diee.unica.it @biggiobattista 2
The iCub is the humanoid robot developed at the
Italian Institute of Technology as part of the EU
project RobotCub and adopted by more than 20
laboratories worldwide.
It has 53 motors that move the head, arms and hands,
waist, and legs. It can see and hear, it has the sense of
proprioception (body configuration)
and movement (using accelerometers and gyroscopes).
[http://www.icub.org]
The object recognition system of iCub uses visual features
extracted with CNN models trained on the ImageNet dataset
[G. Pasquale et al. MLIS 2015]
The iCub Humanoid

http://pralab.diee.unica.it @biggiobattista 3
The iCub Robot-Vision System

http://pralab.diee.unica.it @biggiobattista 4
[http://old.iit.it/projects/data-sets]The iCubWorld28 Dataset

http://pralab.diee.unica.it @biggiobattista
Crafting the Adversarial Examples
• Key idea: shift the attack sample towards the decision boundary
– under a maximum input perturbation (Euclidean distance)
• Multiclass boundaries are obtained as the difference between
the competing classes (e.g., one-vs-all multiclass classification)
5
f1
f2
f3
f1-f3

http://pralab.diee.unica.it @biggiobattista
Error-generic Evasion
• Error-generic evasion
– k is the true class (blue)
– l is the competing (closest) class in feature space (red)
• The attack minimizes the objective to have the sample
misclassified as the closest class (could be any!)
6
1 0 1
1
0
1
Indiscriminate evasion

http://pralab.diee.unica.it @biggiobattista
Error-specific Evasion
• Error-specific evasion
– k is the target class (green)
– l is the competing class (initially, the blue class)
• The attack maximizes the objective to have the sample
misclassified as the target class
7
max
1 0 1
1
0
1
Targeted evasion

http://pralab.diee.unica.it @biggiobattista 8
∇fi
(x) =
∂fi(z)
∂z
∂z
∂x
f1
f2
fi
fc
...
...
Gradient-based Evasion Attacks
• Solved with projected gradient-based optimization algorithm

http://pralab.diee.unica.it @biggiobattista 9
An adversarial example from class laundry-detergent,
modified with our algorithm to be misclassified as cup
Adversarial Examples against the iCub

http://pralab.diee.unica.it @biggiobattista 10
Adversarial example generated
by manipulating only a
specific region, to simulate a
sticker that could be applied to
the real-world object
This image is classified as cup
The ‘Sticker’ Attack against iCub

http://pralab.diee.unica.it @biggiobattista
Why ML is Vulnerable to Evasion?
• Attack samples far from training data are anyway assigned to
‘legitimate’ classes
• Rejecting such blind-spot evasion points should improve security!
11
1 0 1
1
0
1
SVM-RBF (higher rejection rate)
1 0 1
1
0
1
SVM-RBF (no reject)

http://pralab.diee.unica.it @biggiobattista 12
Countering Adversarial Examples
maximum input perturbation (Euclidean distance)
visually-indistinguishable perturbations
Error-specific evasion (similar results for error-generic attacks)

http://pralab.diee.unica.it @biggiobattista
Conclusions and Future Work
• Adversarial Examples against iCub
• Countermeasure based on rejecting blind-spot evasion attacks
• Main open issue: instability of deep features
13
small changes in input space (pixels)
aligned with the gradient direction...
... correspond to large changes in
deep feature space!

http://pralab.diee.unica.it @biggiobattista
https://sec-ml.pluribus-one.it/
14

This document discusses the security of feature selection algorithms against training data poisoning attacks. It presents a framework to evaluate this, including models of the attacker's goal, knowledge, and capabilities. Experiments show that LASSO feature selection is vulnerable to poisoning attacks, which can significantly affect the selected features. The research aims to better understand these risks and develop more secure feature selection methods.

Secure Kernel Machines against Evasion Attacks

Pluribus One

This document summarizes research on developing more secure machine learning classifiers. It discusses how gradient-based and surrogate model approaches can be used to evade existing classifiers. The researchers then propose several techniques for building more robust classifiers, including using infinity-norm regularization, cost-sensitive learning, and modifying kernel parameters. Experiments on handwritten digit and spam filtering datasets show the proposed approaches improve security against evasion attacks compared to standard support vector machines.

Battista Biggio @ MCS 2015, June 29 - July 1, Guenzburg, Germany: "1.5-class ...

Pluribus One

Pattern classifiers have been widely used in adversarial settings like spam and malware detection, although they have not been originally designed to cope with intelligent attackers that manipulate data at test time to evade detection. While a number of adversary-aware learning algorithms have been proposed, they are computationally demanding and aim to counter specific kinds of adversarial data manipulation. In this work, we overcome these limitations by proposing a multiple classifier system capable of improving security against evasion attacks at test time by learning a decision function that more tightly encloses the legitimate samples in feature space, without significantly compromising accuracy in the absence of attack. Since we combine a set of one-class and two-class classifiers to this end, we name our approach one-and-a-half-class (1.5C) classification. Our proposal is general and it can be used to improve the security of any classifier against evasion attacks at test time, as shown by the reported experiments on spam and malware detection.

Battista Biggio, Invited Keynote @ AISec 2014 - On Learning and Recognition o...

Pluribus One

Learning and recognition of secure patterns is a well-known problem in nature. Mimicry and camouflage are widely-spread techniques in the arms race between predators and preys. All of the information acquired by our senses is therefore not necessarily secure or reliable. In machine learning and pattern recognition systems, we have started investigating these issues only recently, with the goal of learning to discriminate between secure and hostile patterns. This phenomenon has been especially observed in the context of adversarial settings like biometric recognition, malware detection and spam filtering, in which data can be adversely manipulated by humans to undermine the outcomes of an automatic analysis. As current pattern recognition methods are not natively designed to deal with the intrinsic, adversarial nature of these problems, they exhibit specific vulnerabilities that an adversary may exploit either to mislead learning or to avoid detection. Identifying these vulnerabilities and analyzing the impact of the corresponding attacks on pattern classifiers is one of the main open issues in the novel research field of adversarial machine learning. In the first part of this talk, I introduce a general framework that encompasses and unifies previous work in the field, allowing one to systematically evaluate classifier security against different, potential attacks. As an example of application of this framework, in the second part of the talk, I discuss evasion attacks, where malicious samples are manipulated at test time to avoid detection. I then show how carefully-designed poisoning attacks can mislead learning of support vector machines by manipulating a small fraction of their training data, and how to poison adaptive biometric verification systems to compromise the biometric templates (face images) of the enrolled clients. Finally, I briefly discuss our ongoing work on attacks against clustering algorithms, and sketch some possible future research directions.

Machine Learning under Attack: Vulnerability Exploitation and Security Measures

Pluribus One

This document summarizes research on machine learning security and adversarial attacks. It describes how machine learning systems are increasingly being used for consumer applications, but this opens them up to new security risks from skilled attackers. The document outlines different types of adversarial attacks against machine learning, including evasion attacks that aim to evade detection and poisoning attacks that aim to compromise a system's availability. It also discusses approaches for systematically evaluating the security of pattern classification systems against bounded adversaries.

On Security and Sparsity of Linear Classifiers for Adversarial Settings

Pluribus One

Sparse Support Faces - Battista Biggio - Int'l Conf. Biometrics, ICB 2015, Ph...

Pluribus One

Many modern face verification algorithms use a small set of reference templates to save memory and computational resources. However, both the reference templates and the combination of the corresponding matching scores are heuristically chosen. In this paper, we propose a well- principled approach, named sparse support faces, that can outperform state-of-the-art methods both in terms of recognition accuracy and number of required face templates, by jointly learning an optimal combination of matching scores and the corresponding subset of face templates. For each client, our method learns a support vector machine using the given matching algorithm as the kernel function, and de- termines a set of reference templates, that we call support faces, corresponding to its support vectors. It then dras- tically reduces the number of templates, without affecting recognition accuracy, by learning a set of virtual faces as well-principled transformations of the initial support faces. The use of a very small set of support face templates makes the decisions of our approach also easily interpretable for designers and end users of the face verification system.

Battista Biggio @ AISec 2013 - Is Data Clustering in Adversarial Settings Sec...

Pluribus One

Clustering algorithms have been increasingly adopted in security applications to spot dangerous or illicit activities. However, they have not been originally devised to deal with deliberate attack attempts that may aim to subvert the clustering process itself. Whether clustering can be safely adopted in such settings remains thus questionable. In this work we propose a general framework that allows one to identify potential attacks against clustering algorithms, and to evaluate their impact, by making specific assumptions on the adversary's goal, knowledge of the attacked system, and capabilities of manipulating the input data. We show that an attacker may significantly poison the whole clustering process by adding a relatively small percentage of attack samples to the input data, and that some attack samples may be obfuscated to be hidden within some existing clusters. We present a case study on single-linkage hierarchical clustering, and report experiments on clustering of malware samples and handwritten digits.

This document summarizes research on evasion attacks against machine learning systems at test time. The researchers propose a framework for evaluating the security of machine learning algorithms against evasion attacks. They model the adversary's goal, knowledge, capabilities, and attack strategy as an optimization problem. Using this framework, they evaluate gradient-descent evasion attacks against systems like spam filters and malware detectors. They show that machine learning classifiers can be vulnerable, even when the adversary has limited knowledge. The researchers explore techniques like bounding the adversary and adding a "mimicry" component to attacks to improve evasion effectiveness.

Adversarial Learning_Rupam Bhattacharya

Rupam Bhattacharya

This document discusses adversarial learning and the adversarial classification reverse engineering (ACRE) problem. The ACRE problem aims to efficiently learn enough about a classifier to construct adversarial attacks using a limited number of queries. The document presents algorithms for reverse engineering linear classifiers with continuous and boolean features. It shows ACRE learning is possible within a factor of 1+ε for continuous features and 2 for boolean features. Experimental results demonstrate the algorithm's effectiveness on spam filtering tasks. Future work directions are discussed around different classifier and cost function types.

Battista Biggio @ AISec 2014 - Poisoning Behavioral Malware Clustering

Pluribus One

Clustering algorithms have become a popular tool in computer security to analyze the behavior of malware variants, identify novel malware families, and generate signatures for antivirus systems. However, the suitability of clustering algorithms for security-sensitive settings has been recently questioned by showing that they can be significantly compromised if an attacker can exercise some control over the input data. In this paper, we revisit this problem by focusing on behavioral malware clustering approaches, and investigate whether and to what extent an attacker may be able to subvert these approaches through a careful injection of samples with poisoning behavior. To this end, we present a case study on Malheur, an open-source tool for behavioral malware clustering. Our experiments not only demonstrate that this tool is vulnerable to poisoning attacks, but also that it can be significantly compromised even if the attacker can only inject a very small percentage of attacks into the input data. As a remedy, we discuss possible countermeasures and highlight the need for more secure clustering algorithms.

WILD PATTERNS - Introduction to Adversarial Machine Learning - ITASEC 2019

Pluribus One

1) Adversarial machine learning studies machine learning systems that operate in adversarial settings such as spam filtering, where the data source is non-neutral and can deliberately attempt to reduce classifier performance. 2) Deep learning models were found to be susceptible to adversarial examples, which are imperceptibly perturbed inputs that cause models to make incorrect predictions. 3) Studies have shown that adversarial examples generated in a digital environment can still fool models when inputs are acquired through a physical system like a camera, indicating these attacks pose a real-world threat.

Causative Adversarial Learning

David Dao

Huang Xiao presented on causative adversarial learning techniques. The presentation discussed: 1) Two types of adversarial attacks - causative attacks which poison training data to change a model's discriminant function, and exploratory attacks which manipulate test points to circumvent detection. 2) Examples of causative attacks including flipping labels on support vector machines and adding malicious points to maximize test error. Gradient ascent methods were used to optimize attack points. 3) Feature selection algorithms like Lasso were also shown to be vulnerable to poisoning attacks by contaminating training data to mislead feature selection. Gradient methods optimized attacks to maximize generalization error. 4) The talk concluded machine learning systems need to be more robust and

Wild patterns - Ten years after the rise of Adversarial Machine Learning - Ne...

Pluribus One

Wild Patterns: A Half-day Tutorial on Adversarial Machine Learning - 2019 Int...

Pluribus One

Wild Patterns: A Half-day Tutorial on Adversarial Machine Learning. ICMLC 201...

Pluribus One

adversarial robustness through local linearization

taeseon ryu

The document summarizes a paper on improving adversarial robustness in neural networks through local linearization. It introduces adversarial attacks, discusses difficulties in adversarial training like gradient obfuscation, and proposes regularizing models with a local linearity measure to encourage linear regions and avoid obfuscation. Experimental results on CIFAR-10 and ImageNet show the local linearity regularizer leads to faster training and more robust models compared to adversarial training alone.

Adversarial ML - Part 2.pdf

KSChidanandKumarJSSS

This document discusses adversarial machine learning attacks. It begins by reminding the reader about evasion attacks, which aim to find model weaknesses at test time, and poisoning attacks, which compromise the training process. It then discusses evasion attacks in more detail, including the use of adversarial examples and real-world attacks. The document outlines different types of evasion attacks and formulations. It also discusses adversarial training as a potential mitigation technique, as well as universal adversarial perturbations. The document presents experimental results showing that perlin noise attacks can outperform other attacks and that adversarial training is not fully effective. It concludes by emphasizing the need to understand vulnerabilities in machine learning systems and develop effective defenses and testing methodologies.

Self-learning systems for cyber security

Kim Hammar

The document discusses using reinforcement learning and game theory to develop self-learning systems for cybersecurity. It describes challenges like evolving attacks and complex infrastructure. The approach models network attacks and defense as games and uses reinforcement learning to learn effective security policies. The work focuses on intrusion prevention, using emulation to create models of real systems and identify dynamics models for simulations. This allows training policies through reinforcement learning to automate security tasks and adapt to changing threats.

Mozfest 2018 session slides: Let's fool modern A.I. systems with stickers.

anant90

The goal of the session was to demystify Machine Learning for the participants and show them a real Machine Learning system in action. The secondary goal is to show that Machine Learning is itself just another tool, susceptible to adversarial attacks. These can have huge implications, especially in a world with self-driving cars and other automation. The session aims to be highly collaborative and audience-driven and can be adjusted to suit the participants' familiarity with machine learning and coding.

Using classifiers to compute similarities between face images. Prof. Lior Wol...

yaevents

Prof. Lior Wolf, Tel-Aviv University He is a faculty member at the School of Computer Science at Tel-Aviv University. Previously, he was a post-doctoral associate in Prof. Poggio's lab at MIT. He graduated from the Hebrew University, Jerusalem, where he worked under the supervision of Prof. Shashua. He was awarded the 2008 Sackler Career Development Chair, the Colton Excellence Fellowship for new faculty (2006-2008), the Max Shlumiuk award for 2004, and the Rothchild fellowship for 2004. His joint work with Prof. Shashua in ECCV 2000 received the best paper award, and their work in ICCV 2001 received the Marr prize honorable mention. He was also awarded the best paper award at the post ICCV workshop on eHeritage 2009. In addition, Lior has held several development, consulting and advisory positions in computer vision companies including face.com and superfish, and is a co-founder of FDNA. Presentation topic: Using classifiers to compute similarities between images of faces. Key points: The One-Shot-Similarity (OSS) is a framework for classifier-based similarity functions. It is based on the use of background samples and was shown to excel in tasks ranging from face recognition to document analysis. In this talk we will present the framework as well as the following results: (1) when using a version of LDA as the underlying classifier, this score is a Conditionally Positive Definite kernel and may be used within kernel-methods (e.g., SVM), (2) OSS can be efficiently computed, and (3) a metric learning technique that is geared toward improved OSS performance.

Robustness in deep learning

Ganesan Narayanasamy

Adversarial ML - Part 1.pdf

KSChidanandKumarJSSS

This document discusses adversarial machine learning and data poisoning attacks. It notes that machine learning systems can be compromised through evasion and poisoning attacks. Poisoning attacks aim to degrade the performance of a machine learning system by compromising the training data. Optimal poisoning attacks can be modeled as bi-level optimization problems and efficiently computed using back-gradient optimization, allowing poisoning points to be generated at scale. Poisoning attacks may be transferable across different machine learning algorithms. The document explores different types of poisoning attacks and defenses like anomaly detection and label sanitization, noting that defenses must account for detectability constraints to defend against more sophisticated attacks.

Bayesian Autoencoders for anomaly detection in industrial environments

Bang Xiang Yong

Bayesian Autoencoders (BAE) & Honest Thoughts on research

Bang Xiang Yong

1. The document discusses Bayesian Autoencoders (BAE), including how the author came to study them and what they aim to achieve. 2. It explains that BAEs aim to quantify uncertainty in deep learning models to better handle out-of-distribution data, which standard autoencoders cannot do. 3. The author hopes to develop BAEs and related tools further to create research products that can help companies detect anomalies and outliers in real-world datasets.

On the Malware Detection Problem: Challenges & Novel Approaches

Marcus Botacin

All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...

Marcus Botacin

Anomaly Detection using Deep Auto-Encoders

Gianmario Spacagna

This document discusses anomaly detection using deep auto-encoders. It begins by defining outliers and anomalies, and describes challenges with traditional machine learning techniques for anomaly detection. It then introduces hierarchical feature learning using deep neural networks, specifically using auto-encoders to learn the structure of normal data and detect anomalies based on reconstruction error. Examples of applying this for ECG pulse detection and MNIST digit recognition are provided.

Garbage_Collecting_Robot_Using_YOLOv3_Deep_Learning_Model (1).pdf

VINEYCHHILLAR

This document proposes the design of an autonomous garbage collecting robot that uses the YOLOv3 deep learning model for object detection. It discusses creating a custom dataset of garbage items and using it to train YOLOv3 and CNN models for detecting garbage in images captured by the robot. It also describes the hardware components of the robot including Raspberry Pi, Arduino, ultrasonic sensor, DC motors and servomotors. The document compares the performance of YOLOv3 and CNN models and concludes that YOLOv3 has better accuracy, precision and F1 score for garbage detection.

Avihu Efrat's Viola and Jones face detection slides

wolf

The document summarizes the Viola-Jones object detection framework. It uses a cascade of classifiers with increasingly more complex features trained with AdaBoost to rapidly detect objects. Integral images allow for very fast feature evaluations. The framework was applied to face detection, achieving very fast average detection speeds of 270 microseconds per sub-window while maintaining low false positive rates.

What's hot

Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...

Pluribus One

Adversarial Learning_Rupam Bhattacharya

Rupam Bhattacharya

Battista Biggio @ AISec 2014 - Poisoning Behavioral Malware Clustering

Pluribus One

WILD PATTERNS - Introduction to Adversarial Machine Learning - ITASEC 2019

Pluribus One

Causative Adversarial Learning

David Dao

Wild patterns - Ten years after the rise of Adversarial Machine Learning - Ne...

Pluribus One

Wild Patterns: A Half-day Tutorial on Adversarial Machine Learning - 2019 Int...

Pluribus One

Wild Patterns: A Half-day Tutorial on Adversarial Machine Learning. ICMLC 201...

Pluribus One

adversarial robustness through local linearization

taeseon ryu

Adversarial ML - Part 2.pdf

KSChidanandKumarJSSS

Self-learning systems for cyber security

Kim Hammar

Mozfest 2018 session slides: Let's fool modern A.I. systems with stickers.

anant90

Using classifiers to compute similarities between face images. Prof. Lior Wol...

yaevents

Robustness in deep learning

Ganesan Narayanasamy

Adversarial ML - Part 1.pdf

KSChidanandKumarJSSS

Bayesian Autoencoders for anomaly detection in industrial environments

Bang Xiang Yong

Bayesian Autoencoders (BAE) & Honest Thoughts on research

Bang Xiang Yong

On the Malware Detection Problem: Challenges & Novel Approaches

Marcus Botacin

All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...

Marcus Botacin

Anomaly Detection using Deep Auto-Encoders

Gianmario Spacagna

What's hot (20)

Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...

Adversarial Learning_Rupam Bhattacharya

Battista Biggio @ AISec 2014 - Poisoning Behavioral Malware Clustering

WILD PATTERNS - Introduction to Adversarial Machine Learning - ITASEC 2019

Causative Adversarial Learning

Wild patterns - Ten years after the rise of Adversarial Machine Learning - Ne...

Wild Patterns: A Half-day Tutorial on Adversarial Machine Learning - 2019 Int...

Wild Patterns: A Half-day Tutorial on Adversarial Machine Learning. ICMLC 201...

adversarial robustness through local linearization

Adversarial ML - Part 2.pdf

Self-learning systems for cyber security

Mozfest 2018 session slides: Let's fool modern A.I. systems with stickers.

Using classifiers to compute similarities between face images. Prof. Lior Wol...

Robustness in deep learning

Adversarial ML - Part 1.pdf

Bayesian Autoencoders for anomaly detection in industrial environments

Bayesian Autoencoders (BAE) & Honest Thoughts on research

On the Malware Detection Problem: Challenges & Novel Approaches

All You Need to Know to Win a Cybersecurity Adversarial Machine Learning Comp...

Anomaly Detection using Deep Auto-Encoders

Similar to Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid

Garbage_Collecting_Robot_Using_YOLOv3_Deep_Learning_Model (1).pdf

VINEYCHHILLAR

Avihu Efrat's Viola and Jones face detection slides

wolf

The Biometric Unit of PRA Lab @ University of Cagliari

Gian Luca Marcialis

The Pattern Recognition and Applications Lab (PRA Lab) was founded in 1996 at the University of Cagliari in Italy. It has 18 years of experience developing pattern recognition systems for applications like biometrics, computer security, and multimedia analysis. The lab's mission is to address fundamental pattern recognition issues through real-world applications. It has 5 faculty members, 6 post-docs, 5 PhD students, and 9 lab fellows. The lab is organized into units focused on biometrics, computer security, and multimedia. The Biometric Unit works on issues like anti-spoofing and develops biometric systems for face and fingerprint recognition. It has received EU funding for projects on spoofing attacks and multimedia content authentication.

IRJET - Automating the Identification of Forest Animals and Alerting in Case ...

IRJET Journal

This document describes a proposed system to automatically identify and monitor forest animals using deep learning and computer vision techniques. The system would collect images using cameras traps and use a convolutional neural network (CNN) to identify animals in the images. It would be trained on a dataset of 1500 images across 5 animal categories. If the system identifies an animal encroaching on villages, it would trigger an alert to notify the forest department. The system aims to automate time-consuming manual animal identification tasks and provide alerts about potential human-animal conflicts. It could help conservation efforts by monitoring wildlife populations over time more efficiently.

Edge AI: Deep Learning techniques for Computer Vision applied to Embedded Sys...

Giacomo Bartoli

This document discusses edge AI and applying deep learning techniques for computer vision to embedded systems. It covers convolutional neural networks (CNNs) as the base model for vision tasks, comparing architectures like SSD and YOLO for object detection. It also discusses running models for tasks like object detection on embedded devices like the Google AIY Vision kit and in applications like detecting Pikachu images and in the Audi Autonomous Driving Cup competition. Models are trained and tested on datasets like COCO, Pascal VOC and Core50 to detect objects in real-time on edge devices.

Laboratoare online ca parte a Internet of Things

ALTBrasov

Performance evaluation of GANs in a semisupervised OCR use case

Florian Wilhelm

This document discusses using generative adversarial networks (GANs) for a semi-supervised optical character recognition (OCR) use case involving vehicle identification numbers (VINs). It describes the text spotting pipeline, challenges with limited training data, data augmentation techniques, and implementing a GAN for character detection. Evaluation shows the semi-supervised GAN approach outperforms other methods, achieving over 99% accuracy on VIN detection and recognition from images using only 85 labeled examples. Key learnings include that custom solutions can outperform off-the-shelf tools for specific tasks, and GANs are well-suited for problems with limited labeled data when combined with data augmentation.

Performance evaluation of GANs in a semisupervised OCR use case

inovex GmbH

Online vehicle marketplaces are embracing artificial intelligence to ease the process of selling a vehicle on their platform. The tedious work of copying information from the vehicle registration document into some web form can be automated with the help of smart text-spotting systems, in which the seller takes a picture of the document, and the necessary information is extracted automatically. Florian Wilhelm details the components of a text-spotting system, including the subtasks of object detection and optical character recognition (OCR). Florian elaborates on the challenges of OCR in documents with various distortions and artifacts, which rule out off-the-shelf products for this task. After offering an overview of semisupervised learning based on generative adversarial networks (GANs), Florian evaluates the performance gains of this method compared to supervised learning. More specifically, for a varying amount of labeled data, he compares the accuracy of a convolution neural network (CNN) to a GANthat uses additional unlabeled data during the training phase, showing that GANs significantly outperform classical CNNs in use cases with a lack of labeled data. What you'll learn: Understand how semisupervised learning with GANs works Explore beneficial semisupervised methods based on GANs for use cases with a limited amount of labeled data Gain insight into an interesting OCR use case of an online vehicle marketplace Event: O'Reilly Artificial Intelligence Conference, London, 11.10.2018 Speaker: Dr. Florian Wilhelm Mehr Tech-Vorträge: www.inovex.de/vortraege Mehr Tech-Artikel: www.inovex.de/blog

IISc Internship Report

HarshilJain26

This document summarizes an academic paper that proposes a method for incrementally training object detection models to classify unseen object classes in real-time. It begins by providing background on object detection techniques like YOLO and SSD that can perform detection in a single pass. The paper aims to improve these single-shot detectors through incremental learning to classify new object classes without retraining the entire model from scratch. It conducted experiments on YOLO and VGG16 to investigate how well they can classify objects from unseen classes and whether their performance is affected by factors like background, bounding box size, or network architecture. The goal is to develop a more robust object detection method that can easily adapt to new classes of objects in real-time applications.

WRAPP-up: an autonomous dual-arm robot for logistics

Decision Science Community

Tackling Open Images Challenge (2019)

Hiroto Honda

How High Will It Be? Using Machine Learning Models to Predict Branch Coverage...

Sebastiano Panichella

This document summarizes research into using machine learning models to predict the branch coverage achieved by automated testing tools. It describes extracting features from open source projects tested by EvoSuite and Randoop to create a training set for models. Huber regression, support vector regression, and multi-layer perceptron models were able to reasonably predict coverage levels, with averages within 0.05-0.1 of tools' actual coverage. The research aims to help optimize test generation by predicting coverage upfront.

Landmines Detection by Robots presentation

Ahmed Abdelaziz

The document describes a proposed system for detecting landmines using mobile robots. The system involves designing an autonomous, low-cost mobile robot that uses effective motion planning and multi-sensor fusion to detect landmines. Experimental results show that the robot is able to autonomously detect fake mines in a simulated environment using multiple low-cost sensors, with decreased false alarms compared to using a single sensor. The system aims to provide a low-cost solution to landmine detection that ensures safety for human operators.

Road signs detection using voila jone's algorithm with the help of opencv

MohdSalim34

This document provides an introduction and overview of a project to develop an automatic road sign detection system using the Viola-Jones object detection framework. It discusses the motivation for the project to address safety concerns from drivers missing road signs. The document outlines the contributions of the project, which are to train a classifier using OpenCV to detect German road signs in images by implementing the Viola-Jones algorithm. It also provides details on the Viola-Jones algorithm, which combines Haar features, integral images, AdaBoost testing, and cascading classifiers to rapidly detect objects in real-time.

National Instruments Case Studies

Hollie Valler

Machine vision Application

Abhishek Sainkar

1. The document discusses the design and development of a machine vision application for object detection to be implemented on an embedded platform for automatic inspection and analysis. 2. It discusses using techniques like color segmentation for object classification in applications such as detecting red, green, and blue bottles to classify objects in real-time using a Raspberry Pi. 3. Future work includes developing real-time object detection that can distinguish between different objects and count the number of objects in the frame for applications in industrial automation and quality control.

Machine Vision On Embedded Platform

Omkar Rane

ppt - of a project will help you on your college projects

vikaspandey0702

IRJET- Object Detection and Recognition for Blind Assistance

IRJET Journal

1. The document proposes a system using object and color recognition and convolutional neural networks to enhance the capabilities of visually impaired people. 2. The system uses a camera mounted on glasses to capture images which are then preprocessed, compressed, and used to train a classifier model to recognize common objects. 3. The proposed hardware implementation uses a Raspberry Pi for its small size and open source software support, including TensorFlow for training convolutional neural network models.

N046047780

IJERA Editor

This document summarizes a research paper that proposes a new technique called Morphology based technique for Extraction and Detection of blinking Region from gif Images. It begins by introducing the goal of detecting blinking parts in gif images and issues with existing techniques. It then describes the proposed methodology which uses edge detection, morphological operations like closing, and precision/recall metrics to evaluate the technique. The methodology is tested on sample gif images and results show high precision and recall rates, indicating the model is effective at extracting blinking regions.

Similar to Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid (20)

Garbage_Collecting_Robot_Using_YOLOv3_Deep_Learning_Model (1).pdf

Avihu Efrat's Viola and Jones face detection slides

The Biometric Unit of PRA Lab @ University of Cagliari

IRJET - Automating the Identification of Forest Animals and Alerting in Case ...

Edge AI: Deep Learning techniques for Computer Vision applied to Embedded Sys...

Laboratoare online ca parte a Internet of Things

Performance evaluation of GANs in a semisupervised OCR use case

IISc Internship Report

WRAPP-up: an autonomous dual-arm robot for logistics

Tackling Open Images Challenge (2019)

How High Will It Be? Using Machine Learning Models to Predict Branch Coverage...

Landmines Detection by Robots presentation

Road signs detection using voila jone's algorithm with the help of opencv

National Instruments Case Studies

Machine vision Application

Machine Vision On Embedded Platform

ppt - of a project will help you on your college projects

IRJET- Object Detection and Recognition for Blind Assistance

N046047780

More from Pluribus One

Smart Textiles - Prospettive di mercato - Davide Ariu

Pluribus One

Battista Biggio @ S+SSPR2014, Joensuu, Finland -- Poisoning Complete-Linkage ...

Pluribus One

The document discusses poisoning attacks against complete-linkage hierarchical clustering. It introduces hierarchical clustering and describes how attackers can add poisoned samples to compromise the clustering output. The paper evaluates different attack strategies on real and artificial datasets, finding that even random attacks can be effective at poisoning the clusters, while extensions of greedy approaches generally perform best. Future work to develop defenses for clustering algorithms against adversarial inputs is discussed.

Battista Biggio @ ICML2012: "Poisoning attacks against support vector machines"

Pluribus One

This document discusses poisoning attacks against support vector machines. The goal of poisoning attacks is to mislead machine learning systems by injecting malicious data points into the training set. The paper proposes an approach to maximize classification error on a validation set by calculating the gradient of the hinge loss with respect to the poisoned point. Experiments on MNIST data show that a single poisoned point can significantly increase error rates. The authors note that real attacks may be less effective and discuss how to improve SVM robustness to poisoning attacks.

Zahid Akhtar - Ph.D. Defense Slides

Pluribus One

This PhD thesis by Zahid Akhtar examines the security of multimodal biometric systems against spoof attacks. It aims to evaluate the robustness of these systems to real spoof attacks, validate assumptions about the "worst-case" spoofing scenario, and develop methods to assess security without fabricating fake traits. Experiments are conducted on systems using face and fingerprint biometrics under various spoof attacks, and results show multimodal systems can be compromised by attacking a single trait, while the worst-case scenario does not always reflect real attacks.

Design of robust classifiers for adversarial environments - Systems, Man, and...

Pluribus One

This document summarizes a presentation on designing robust classifiers for adversarial environments given at the 2011 IEEE International Conference on Systems, Man, and Cybernetics. The presentation introduces an approach to model potential attacks at test time using a probabilistic model of the data distribution under attack. This model is then used to design classifiers that are more robust to attacks. Experimental results on biometric identity verification and spam filtering show that the proposed approach can increase classifier security against attacks while maintaining accuracy.

Robustness of multimodal biometric verification systems under realistic spoof...

Pluribus One

The document presents research on evaluating the robustness of multi-modal biometric verification systems against spoofing attacks. It discusses experiments conducted using fake fingerprints and faces to spoof a system using fingerprint and face matchers. The results show that the common assumption that fake scores follow a worst-case distribution may not always hold, and score fusion rules designed under this assumption could paradoxically reduce a system's robustness against realistic spoofing attacks. More accurate modeling of fake score distributions is needed.

Support Vector Machines Under Adversarial Label Noise (ACML 2011) - Battista ...

Pluribus One

The document summarizes research on making support vector machines (SVMs) more robust to adversarial label noise. It discusses how adversaries can intentionally flip labels in training data to undermine SVMs. The researchers propose a label noise robust SVM that learns from an expected kernel matrix to be less sensitive to label flips. Experiments on several datasets show their approach maintains higher accuracy than standard SVMs when the training data contains adversarial or random label noise. In conclusions, they discuss further investigating the properties and parameter selection for their kernel correction method.

Understanding the risk factors of learning in adversarial environments

Pluribus One

This document summarizes research on developing a theoretical foundation for robust machine learning classifiers that can provide assurances against adversarial manipulation. It proposes measuring a classifier's robustness based on how much its decision boundary rotates under small perturbations to the training data (contamination). For linear classifiers, robustness can be quantified as the expected angular change between the classifier's weight vectors trained on clean vs. contaminated data. This provides an intuitive way to compare learning algorithms and inform the development of more robust algorithms.

Amilab IJCB 2011 Poster

Pluribus One

The document summarizes a multi-clue approach for detecting photo-based face spoofing attacks in face recognition systems. It fuses analysis of both static visual characteristics and video clues, such as motion and eye blinking. For static analysis, it extracts several visual representations from frames to compute scores. Video analysis examines motion and blinks. The scores are fused using different combination methods depending on the level of detected motion. Experimental results on a standard spoofing database show the fused approach is more effective and robust than static analysis alone, especially for higher quality spoofing attacks.

Ariu - Workshop on Artificial Intelligence and Security - 2011

Pluribus One

This document discusses applying machine learning to computer forensics. It provides a brief history of computer security and computer forensics research. It then discusses how machine learning can be useful for computer forensics given the complexity of digital investigations and large amounts of data. The document acknowledges limitations of current computer forensics machine learning research and provides guidelines for improving tools by incorporating an investigator's knowledge and prioritizing results.

Ariu - Workshop on Applications of Pattern Analysis 2010 - Poster

Pluribus One

This document summarizes an application of Hidden Markov Models (HMMs) to analyze HTTP payloads: 1. An HMM is used to associate a probability to each sequence of bytes in an HTTP payload and obtain an overall probability for the payload. 2. Real HTTP payload data collected from various sources on the internet is used to train the HMM. 3. The trained HMM can then be used to detect anomalies in new HTTP payloads by flagging payloads with significantly different probabilities as potential attacks or malware.

Ariu - Workshop on Multiple Classifier Systems - 2011

Pluribus One

The document proposes a modular architecture for analyzing HTTP payloads using multiple classifiers to detect anomalies and intrusions. It trains ensembles of hidden Markov models on different lines of HTTP payloads like the request line, host, and user agent. The HMM outputs are then used as features for a one-class classifier to classify the full payload. The approach is evaluated on real traffic datasets and shown to outperform similar systems with high detection rates and fast computation.

Ariu - Workshop on Applications of Pattern Analysis

Pluribus One

1) Traditionally, IDS have used signatures to detect known attacks but cannot find new attacks. Anomaly detection uses a statistical model of normal patterns and flags deviations, enabling detection of zero-day attacks. 2) Previous work analyzing the byte distribution in HTTP payloads had limitations due to high-dimensional feature spaces and coarse payload representations. 3) The document proposes HMMPayl, which applies HMM to HTTP payload analysis for anomaly detection, achieving increased classification accuracy over previous solutions and enabling use of multiple classifier systems and reduced computational costs.

Ariu - Workshop on Multiple Classifier Systems 2011

Pluribus One

Robustness of Multimodal Biometric Systems under Realistic Spoof Attacks agai...

Pluribus One

This document evaluates the robustness of multimodal biometric systems against realistic spoof attacks on all traits. It finds that while multimodal systems are more robust than unimodal ones under attack, their performance is still worsened significantly, showing they can be cracked by spoofing all traits. The study also finds that the common assumption of a "worst-case scenario" is not a good approximation of realistic attacks, and a new method is needed to properly evaluate system robustness under attack without constructing spoofed data sets.

Wiamis2010 poster

Pluribus One

It is widely acknowledged that good performances of content-based image retrieval systems can be attained by adopting relevance feedback mechanisms. One of the main difﬁculties in exploiting relevance information is the availability of few relevant images, as users typically label a few dozen of images, the majority of them often being non-relevant to user’s needs. In order to boost the learning capabilities of relevance feedback techniques, this paper proposes the creation of points in the feature space which can be considered as representation of relevant images. The new points are generated taking into account not only the available relevant points in the feature space, but also the relative positions of non-relevant ones. This approach has been tested on a relevance feedback technique, based on the Nearest-Neighbor classiﬁcation paradigm. Reported experiments show the effectiveness of the proposed technique relatively to precision and recall.

More from Pluribus One (16)

Smart Textiles - Prospettive di mercato - Davide Ariu

Battista Biggio @ S+SSPR2014, Joensuu, Finland -- Poisoning Complete-Linkage ...

Battista Biggio @ ICML2012: "Poisoning attacks against support vector machines"

Zahid Akhtar - Ph.D. Defense Slides

Design of robust classifiers for adversarial environments - Systems, Man, and...

Robustness of multimodal biometric verification systems under realistic spoof...

Support Vector Machines Under Adversarial Label Noise (ACML 2011) - Battista ...

Understanding the risk factors of learning in adversarial environments

Amilab IJCB 2011 Poster

Ariu - Workshop on Artificial Intelligence and Security - 2011

Ariu - Workshop on Applications of Pattern Analysis 2010 - Poster

Ariu - Workshop on Multiple Classifier Systems - 2011

Ariu - Workshop on Applications of Pattern Analysis

Ariu - Workshop on Multiple Classifier Systems 2011

Robustness of Multimodal Biometric Systems under Realistic Spoof Attacks agai...

Wiamis2010 poster

Recently uploaded

22CYT12-Unit-V-E Waste and its Management.ppt

KrishnaveniKrishnara1

Introduction- e - waste – definition - sources of e-waste– hazardous substances in e-waste - effects of e-waste on environment and human health- need for e-waste management– e-waste handling rules - waste minimization techniques for managing e-waste – recycling of e-waste - disposal treatment methods of e- waste – mechanism of extraction of precious metal from leaching solution-global Scenario of E-waste – E-waste in India- case studies.

Manufacturing Process of molasses based distillery ppt.pptx

Madan Karki

A review on techniques and modelling methodologies used for checking electrom...

nooriasukmaningtyas

The proper function of the integrated circuit (IC) in an inhibiting electromagnetic environment has always been a serious concern throughout the decades of revolution in the world of electronics, from disjunct devices to today’s integrated circuit technology, where billions of transistors are combined on a single chip. The automotive industry and smart vehicles in particular, are confronting design issues such as being prone to electromagnetic interference (EMI). Electronic control devices calculate incorrect outputs because of EMI and sensors give misleading values which can prove fatal in case of automotives. In this paper, the authors have non exhaustively tried to review research work concerned with the investigation of EMI in ICs and prediction of this EMI using various modelling methodologies and measurement setups.

digital fundamental by Thomas L.floydl.pdf

drwaing

spirit beverages ppt without graphics.pptx

Madan Karki

Heat Resistant Concrete Presentation ppt

mamunhossenbd75

RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...

thanhdowork

哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样

insn4465

原版一模一样【微信：741003700 】【(csu毕业证书)查尔斯特大学毕业证硕士学历】【微信：741003700 】学位证，留信认证（真实可查，永久存档）offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原海外各大学 Bachelor Diploma degree, Master Degree Diploma 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700 留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才

Swimming pool mechanical components design.pptx

yokeleetan1

sieving analysis and results interpretation

ssuser36d3051

[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf

awadeshbabu

ML Based Model for NIDS MSc Updated Presentation.v2.pptx

JamalHussainArman

DfMAy 2024 - key insights and contributions

gestioneergodomus

PPT on GRP pipes manufacturing and testing

anoopmanoharan2

Question paper of renewable energy sources

mahammadsalmanmech

Literature Review Basics and Understanding Reference Management.pptx

Dr Ramhari Poudyal

Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf

RadiNasr

Wearable antenna for antenna applications

Madhumitha Jayaram

6th International Conference on Machine Learning & Applications (CMLA 2024)

ClaraZara1

Electric vehicle and photovoltaic advanced roles in enhancing the financial p...

IJECEIAES

Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network

Recently uploaded (20)

22CYT12-Unit-V-E Waste and its Management.ppt

Manufacturing Process of molasses based distillery ppt.pptx

A review on techniques and modelling methodologies used for checking electrom...

digital fundamental by Thomas L.floydl.pdf

spirit beverages ppt without graphics.pptx

Heat Resistant Concrete Presentation ppt

RAT: Retrieval Augmented Thoughts Elicit Context-Aware Reasoning in Long-Hori...

哪里办理(csu毕业证书)查尔斯特大学毕业证硕士学历原版一模一样

Swimming pool mechanical components design.pptx

sieving analysis and results interpretation

[JPP-1] - (JEE 3.0) - Kinematics 1D - 14th May..pdf

ML Based Model for NIDS MSc Updated Presentation.v2.pptx

DfMAy 2024 - key insights and contributions

PPT on GRP pipes manufacturing and testing

Question paper of renewable energy sources

Literature Review Basics and Understanding Reference Management.pptx

Iron and Steel Technology Roadmap - Towards more sustainable steelmaking.pdf

Wearable antenna for antenna applications

6th International Conference on Machine Learning & Applications (CMLA 2024)

Electric vehicle and photovoltaic advanced roles in enhancing the financial p...

Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid

1. Pattern Recognition and Applications Lab University of Cagliari, Italy Department of Electrical and Electronic Engineering Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid 1 2017 ICCV Workshop ViPAR, Venice, Oct. 23, 2017 Marco Melis, Ambra Demontis, Battista Biggio, Gavin Brown, Giorgio Fumera, Fabio Roli battista.biggio@diee.unica.it Dept. Of Electrical and Electronic Engineering University of Cagliari, Italy @biggiobattista

2. http://pralab.diee.unica.it @biggiobattista 2 The iCub is the humanoid robot developed at the Italian Institute of Technology as part of the EU project RobotCub and adopted by more than 20 laboratories worldwide. It has 53 motors that move the head, arms and hands, waist, and legs. It can see and hear, it has the sense of proprioception (body configuration) and movement (using accelerometers and gyroscopes). [http://www.icub.org] The object recognition system of iCub uses visual features extracted with CNN models trained on the ImageNet dataset [G. Pasquale et al. MLIS 2015] The iCub Humanoid

3. http://pralab.diee.unica.it @biggiobattista 3 The iCub Robot-Vision System

4. http://pralab.diee.unica.it @biggiobattista 4 [http://old.iit.it/projects/data-sets]The iCubWorld28 Dataset

5. http://pralab.diee.unica.it @biggiobattista Crafting the Adversarial Examples • Key idea: shift the attack sample towards the decision boundary – under a maximum input perturbation (Euclidean distance) • Multiclass boundaries are obtained as the difference between the competing classes (e.g., one-vs-all multiclass classification) 5 f1 f2 f3 f1-f3

6. http://pralab.diee.unica.it @biggiobattista Error-generic Evasion • Error-generic evasion – k is the true class (blue) – l is the competing (closest) class in feature space (red) • The attack minimizes the objective to have the sample misclassified as the closest class (could be any!) 6 1 0 1 1 0 1 Indiscriminate evasion

7. http://pralab.diee.unica.it @biggiobattista Error-specific Evasion • Error-specific evasion – k is the target class (green) – l is the competing class (initially, the blue class) • The attack maximizes the objective to have the sample misclassified as the target class 7 max 1 0 1 1 0 1 Targeted evasion

8. http://pralab.diee.unica.it @biggiobattista 8 ∇fi (x) = ∂fi(z) ∂z ∂z ∂x f1 f2 fi fc ... ... Gradient-based Evasion Attacks • Solved with projected gradient-based optimization algorithm

9. http://pralab.diee.unica.it @biggiobattista 9 An adversarial example from class laundry-detergent, modified with our algorithm to be misclassified as cup Adversarial Examples against the iCub

10. http://pralab.diee.unica.it @biggiobattista 10 Adversarial example generated by manipulating only a specific region, to simulate a sticker that could be applied to the real-world object This image is classified as cup The ‘Sticker’ Attack against iCub

11. http://pralab.diee.unica.it @biggiobattista Why ML is Vulnerable to Evasion? • Attack samples far from training data are anyway assigned to ‘legitimate’ classes • Rejecting such blind-spot evasion points should improve security! 11 1 0 1 1 0 1 SVM-RBF (higher rejection rate) 1 0 1 1 0 1 SVM-RBF (no reject)

12. http://pralab.diee.unica.it @biggiobattista 12 Countering Adversarial Examples maximum input perturbation (Euclidean distance) visually-indistinguishable perturbations Error-specific evasion (similar results for error-generic attacks)

13. http://pralab.diee.unica.it @biggiobattista Conclusions and Future Work • Adversarial Examples against iCub • Countermeasure based on rejecting blind-spot evasion attacks • Main open issue: instability of deep features 13 small changes in input space (pixels) aligned with the gradient direction... ... correspond to large changes in deep feature space!

14. http://pralab.diee.unica.it @biggiobattista https://sec-ml.pluribus-one.it/ 14

Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid

Similar to Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid (20)

More from Pluribus One

More from Pluribus One (16)

Recently uploaded

Recently uploaded (20)

Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid