Tricking Image Recognition Software

I was interested by the 2013 research paper “Intriguing Properties of Neural Networks” by C. Szegedy, W. Zaremba, et al. One of the “intriguing properties” is that it is possible to trick image recognition. See

There are several examples of this you can find on the Internet. My favorite is the bus-ostrich example:


The image on the left is obviously a bus and you can train a convolutional deep neural network to recognize that image as a bus. However, by slightly altering the image in a clever way, the altered image on the right is classified by the neural net as an ostrich!

I think there are two morals to the story. First, this intriguing property could lead to some sort of security problems. Second, the intriguing property suggests that maybe convolutional neural networks have some inherent weakness and new approaches for image recognition are needed.

This entry was posted in Machine Learning. Bookmark the permalink.