Can AI be fooled?

The prospect of computers being able to view the world as humans has been a subject of increasing interest in the past few decades. Through years of research, we have come to understand the complexity of the human visual system and how impressive it would be to replicate these processes in a machine. To replicate how humans “see” the world, computers would have to decipher multi-dimensional data and recognise patterns within the data. No easy feat of course.

A deep neural network (DNN) is a feedforward type of network that is used to model various complex non-linear relationships. In terms of computer vision (more specifically image recognition), a DNN that is trained to recognise traffic signs will use the data of the given image to calculate the probability that the sign in the image is a certain traffic sign. Recently, DNNs have been achieving near-human-like performance in numerous tasks such as visual classification and pattern recognition.

Now, given that DNNs are able to classify images so well, the question arises: is there any difference between human and computer vision? Is it possible that there are images that seem unrecognisable to humans but are quite obvious to computers, or vice versa? You might be happy to hear that human vision still surpasses computer vision in certain areas. It was recently shown that DNNs can be fooled, and quite easily in fact. A study revealed that it is possible to create (evolve) synthetic images that are unrecognisable to humans (e.g. TV static) but are classified with high certainty by computers as familiar objects.

There are two ways to evolve these “fooling” images. The first is direct encoding, in which the colour values of each pixel are optimised independently. Directly encoded images resemble white noise (or TV static to us humans). DNNs have classified the images below with high certainty as familiar objects.

Secondly, one can evolve images with indirect encoding, which produces images using more regular patterns. These types of images may be recognisable to humans and DNNs. Similarly, the images below are unrecognisable to humans, but again DNNs have somehow classified them with high certainty.

Indirect Encoding

Why are DNNs getting it so wrong?

It all has to do with what the DNN focuses on. In the case of directly encoded images, DNNs may be looking at concentrated colour pixels that vaguely resemble an image they have been trained on. In other cases, the images may have the correct colour or pattern of a certain class, leading the DNN to treat an unrecognisable image as a familiar object.

Why does fooling DNNs matter?

Imagine a scenario where a facial recognition system is deployed to detect which staff members have access to certain files. A criminal might be able to fool or bypass the system by producing synthetic images. This is a considerable security risk and shows us that computer vision still has a long way to go before being able to replace humans.
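Because directly encoded fooling images resemble white noise, a system like the one in this scenario can screen for that property before trusting the classifier's answer. The sketch below is an added example, not code from the original post or the cited paper; the function names, the 0.3 threshold and the constructed sample images are assumptions, and the check does nothing against indirectly encoded images, which have regular patterns.

```python
import random

def neighbour_correlation(img):
    """Pearson correlation between each pixel and its right-hand neighbour.
    Natural images are locally smooth (value near 1); static is near 0."""
    xs, ys = [], []
    for row in img:
        xs.extend(row[:-1])
        ys.extend(row[1:])
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    if vx == 0 or vy == 0:
        return 1.0  # flat image: perfectly regular, so not noise-like
    return cov / (vx * vy) ** 0.5

def looks_like_static(img, threshold=0.3):
    """Assumed heuristic: low neighbour correlation means noise-like input."""
    return neighbour_correlation(img) < threshold

def gate(img, classify):
    """Refuse noise-like input instead of passing it to the model.
    `classify` is the caller's own model function (hypothetical here)."""
    if looks_like_static(img):
        return ("rejected", None)
    return ("accepted", classify(img))

def constructed_static(size, seed):
    """Constructed sample: every pixel drawn independently (TV static)."""
    rng = random.Random(seed)
    return [[rng.randrange(256) for _ in range(size)] for _ in range(size)]

def constructed_smooth(size, seed):
    """Constructed sample: gradient plus mild noise, standing in for a photo."""
    rng = random.Random(seed)
    return [[4 * x + 2 * y + 8 + rng.randrange(-8, 9) for x in range(size)]
            for y in range(size)]

if __name__ == "__main__":
    model = lambda img: "staff member"  # placeholder for a real classifier
    print(gate(constructed_static(32, 1), model))
    print(gate(constructed_smooth(32, 1), model))
```

A gate like this only narrows the problem: the classifier's confidence score on its own says nothing about whether the input looks like anything it was trained on.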

References

Nguyen A, Yosinski J, Clune J. Deep Neural Networks are Easily Fooled: High Confidence Predictions for Unrecognizable Images. In Computer Vision and Pattern Recognition (CVPR '15), IEEE, 2015.

Luka Beverin

As a current Masters in Statistics student, Luka is eager to simplify complex topics and provide big-data solutions to real-world problems. He also has an educational background in actuarial and financial engineering. In his spare time, Luka enjoys traveling, writing on machine learning topics and taking part in data science competitions.
