Abstract: The success of deep learning research has catapulted deep models into production
systems that our society is becoming increasingly dependent on, especially in the
image and video domains. However, recent work has shown that these largely
uninterpretable models exhibit glaring security vulnerabilities in the presence of
an adversary. In this work, we develop a powerful untargeted adversarial attack
for action recognition systems in both white-box and black-box settings. Action
recognition models differ from image-classification models in that their inputs
contain a temporal dimension, which we explicitly target in the attack. Drawing
inspiration from image classifier attacks, we create new attacks which achieve
state-of-the-art success rates on a two-stream classifier trained on the UCF-101
dataset. We find that our attacks can significantly degrade a model’s performance
with sparsely and imperceptibly perturbed examples. We also demonstrate the
transferability of our attacks to black-box action recognition systems.
Keywords: adversarial attacks, action recognition, video classification
TL;DR: The paper describes adversarial attacks for action recognition classifiers that explicitly attack along the time dimension.
Data: [UCF101](https://paperswithcode.com/dataset/ucf101)
8 Replies
Loading