Lakshya Jain

EECS Department, University of California, Berkeley

Technical Report No. UCB/EECS-2020-85

May 28, 2020

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2020/EECS-2020-85.pdf

Deep neural networks (DNNs) are being increasingly applied in mission-critical situations, where high accuracy and robustness are essential. While deploying DNNs for computer vision and image processing tasks, the focus of adversarial analysis has been mainly on finding pixel-level changes that may impact the network’s robustness. We examine an alternate approach: generating adversarial images by inducing perturbations in the semantics of an image, yielding interesting scenes that are more likely to occur in the real world. One can then use the generated examples to improve the robustness of DNNs by using them in data augmentation and adversarial retraining. In this report, we provide and implement a pipeline that can generate such scenes on demand by combining a differentiable rendering framework with gradient-based attacks. We demonstrate that the semantic adversarial examples generated by the pipeline can fool an object classification or detection framework, that retraining on these counterexamples is effective in making the network more robust to such attacks, and that the semantic robustness achieved against one attack appears to help achieve semantic robustness against other gradient-based attacks.

Advisors: Sanjit A. Seshia


BibTeX citation:

@mastersthesis{Jain:EECS-2020-85,
    Author= {Jain, Lakshya},
    Title= {Generating Semantic Adversarial Examples through Differentiable Rendering},
    School= {EECS Department, University of California, Berkeley},
    Year= {2020},
    Month= {May},
    Url= {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2020/EECS-2020-85.html},
    Number= {UCB/EECS-2020-85},
    Note= {This work was supported in part by NSF grants CCF-1837132 and CNS-1545126, the DARPA Assured Autonomy project, Berkeley Deep Drive, and the iCyPhy center.},
    Abstract= {Deep neural networks (DNNs) are being increasingly applied in mission-critical situations, where high accuracy and robustness are essential. While deploying DNNs for computer vision and image processing tasks, the focus of adversarial analysis has been mainly on finding pixel-level changes that may impact the network’s robustness. We examine an alternate approach - generating adversarial images by inducing perturbations in the semantics of an image, yielding interesting scenes that are more likely to occur in the real world. One can then use the generated examples to improve the robustness of DNNs through using them in data augmentation and adversarial retraining. In this report, we provide and implement a pipeline that can generate such scenes on demand by combining a differentiable rendering framework with gradient-based attacks. We demonstrate that the semantic adversarial examples generated by the pipeline can fool an object classification or detection framework, that retraining on these counterexamples is effective in making the network more robust to such attacks, and that the semantic robustness achieved against one attack appears to help achieve semantic robustness against other gradient-based attacks.},
}

EndNote citation:

%0 Thesis
%A Jain, Lakshya 
%T Generating Semantic Adversarial Examples through Differentiable Rendering
%I EECS Department, University of California, Berkeley
%D 2020
%8 May 28
%@ UCB/EECS-2020-85
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2020/EECS-2020-85.html
%F Jain:EECS-2020-85