Overcoming Adversarial Attacks for Human-in-the-Loop Applications

Ryan McCoppin, Marla Kennedy, Platon Lukyanenko, Sean Kennedy
DOI: https://doi.org/10.48550/arXiv.2306.05952
2023-08-25
Abstract: Including human analysis has the potential to positively affect the robustness of Deep Neural Networks and is relatively unexplored in the Adversarial Machine Learning literature. Neural network visual explanation maps have been shown to be prone to adversarial attacks. Further research is needed in order to select robust visualizations of explanations for the image analyst to evaluate a given model. These factors greatly impact Human-In-The-Loop (HITL) evaluation tools due to their reliance on adversarial images, including explanation maps and measurements of robustness. We believe models of human visual attention may improve interpretability and robustness of human-machine imagery analysis systems. Our challenge remains, how can HITL evaluation be robust in this adversarial landscape?
Machine Learning, Computer Vision and Pattern Recognition
What problem does this paper attempt to address?
This paper aims to solve the problem of how to overcome adversarial attacks in Human-in-the-Loop (HITL) applications. Specifically, the paper focuses on the following key issues:

1. **The impact of adversarial attacks on deep neural networks**:
   - Adversarial images can degrade the performance of the model, and these perturbations are often designed to evade detection by image analysts.
   - Adversarial attacks not only affect the prediction accuracy of the model but also disrupt or circumvent additional tools used to evaluate the model, such as explanation maps and robustness metrics.
2. **The role of human analysts in an adversarial environment**:
   - In the field of adversarial machine learning, incorporating human analysis may help improve the robustness of deep neural networks, but there is relatively little research in this area.
   - Visual explanation maps of neural networks (such as those generated by Grad-CAM) are vulnerable to adversarial attacks, which makes it difficult for human analysts to accurately evaluate the model.
3. **How to select robust visual explanations**:
   - In order to enable image analysts to effectively evaluate a given model, further research is needed on how to select robust visual explanation methods.
   - These factors have a significant impact on HITL evaluation tools that rely on adversarial images, including explanation maps and robustness measurements.
4. **Combining human visual attention models to improve interpretability and robustness**:
   - The authors believe that human visual attention models may help improve the interpretability and robustness of human-machine image analysis systems.
   - However, the challenge lies in how to ensure that these models themselves are not affected by adversarial attacks and how to combine human and machine attention to identify adversarial images.
### Summary of the main problems in the paper

The core problem of the paper is: **How to keep HITL evaluation tools robust in an adversarial environment?** Specifically, the paper explores the following aspects:

- How to ensure that explanation maps and other auxiliary tools remain reliable under adversarial attacks.
- How to use human visual attention models to enhance the detection of adversarial attacks.
- How to design effective HITL tools so that human analysts can better understand and evaluate models in an adversarial environment.

Through research on these problems, the authors hope to promote the further development of HITL applications in the field of adversarial machine learning.
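The two ideas above, checking whether an explanation map stays stable under perturbation and using a human attention model as an independent reference, can both be reduced to comparing two attention maps. The following is an added example written for this summary; it is not code from the paper or its authors. It assumes that a human visual attention map and a model explanation map (for instance a Grad-CAM heat map) are available as H x W grids of non-negative floats, that Pearson correlation is an acceptable agreement measure, and that the flagging threshold of 0.5 and the small 4x4 maps are constructed for illustration.

```python
"""Agreement and drift checks between attention maps (added example, not from the paper).

Assumptions: attention maps are H x W grids of non-negative floats; Pearson
correlation is used as the agreement measure; the 0.5 threshold and the sample
maps below are constructed for illustration only.
"""
from math import sqrt
from typing import List

Map = List[List[float]]


def normalize(m: Map) -> Map:
    """Scale a map so its entries sum to 1, so maps of different intensity are comparable."""
    total = sum(sum(row) for row in m)
    if total <= 0:
        raise ValueError("attention map must have positive mass")
    return [[v / total for v in row] for row in m]


def pearson(a: Map, b: Map) -> float:
    """Pearson correlation between two same-shaped maps, flattened to vectors."""
    xs = [v for row in a for v in row]
    ys = [v for row in b for v in row]
    if len(xs) != len(ys):
        raise ValueError("maps must have the same shape")
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) * (x - mx) for x in xs)
    vy = sum((y - my) * (y - my) for y in ys)
    if vx == 0 or vy == 0:
        return 0.0  # a flat map carries no attention signal
    return cov / sqrt(vx * vy)


def explanation_agreement(human: Map, model: Map) -> float:
    """Agreement between a human attention map and a model explanation map (1 = identical focus)."""
    return pearson(normalize(human), normalize(model))


def flag_suspicious(human: Map, model: Map, threshold: float = 0.5) -> bool:
    """Flag an input for analyst review when model and human attention disagree."""
    return explanation_agreement(human, model) < threshold


def explanation_drift(clean_map: Map, perturbed_map: Map) -> float:
    """Stability of an explanation: 0 means the map is unchanged by the perturbation;
    larger values mean the explanation moved (up to 2 when it anti-correlates)."""
    return 1.0 - pearson(normalize(clean_map), normalize(perturbed_map))


# Constructed sample maps (4x4): the human fixates on the upper-left object.
HUMAN: Map = [[0, 0, 0, 0],
              [0, 5, 1, 0],
              [0, 1, 0, 0],
              [0, 0, 0, 0]]

# Model explanation that focuses on the same region (expected on a clean input).
MODEL_CONSISTENT: Map = [[0, 0, 0, 0],
                         [0, 4, 1, 0],
                         [0, 1, 0, 0],
                         [0, 0, 0, 1]]

# Model explanation whose focus has been pushed to the opposite corner.
MODEL_DIVERTED: Map = [[0, 0, 0, 0],
                       [0, 0, 0, 0],
                       [0, 0, 1, 1],
                       [0, 0, 1, 5]]

if __name__ == "__main__":
    print("agreement (consistent):", round(explanation_agreement(HUMAN, MODEL_CONSISTENT), 3))
    print("agreement (diverted):  ", round(explanation_agreement(HUMAN, MODEL_DIVERTED), 3))
    print("flag consistent:", flag_suspicious(HUMAN, MODEL_CONSISTENT))
    print("flag diverted:  ", flag_suspicious(HUMAN, MODEL_DIVERTED))
    print("drift clean->diverted:", round(explanation_drift(MODEL_CONSISTENT, MODEL_DIVERTED), 3))
```

The same `pearson` routine serves both checks: `explanation_agreement` compares the model against an independent human reference, while `explanation_drift` compares the model against itself before and after a perturbation. Neither check is a proof of an attack, since a legitimate input can also produce disagreement; in a HITL tool they are best used to route low-agreement or high-drift inputs to an analyst rather than to reject them automatically.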