Pith

open record

sign in

arxiv: 1807.00458 · v1 · pith:WA3MTIHV · submitted 2018-07-02 · cs.LG · cs.CR· cs.CV· stat.ML

Adversarial Perturbations Against Real-Time Video Classification Systems

Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:WA3MTIHVrecord.jsonopen to challenge →

classification cs.LG cs.CRcs.CVstat.ML
keywords adversarialsystemsperturbationsclassificationmisclassificationvideoactivitiescare
0
0 comments X
read the original abstract

Recent research has demonstrated the brittleness of machine learning systems to adversarial perturbations. However, the studies have been mostly limited to perturbations on images and more generally, classification that does not deal with temporally varying inputs. In this paper we ask "Are adversarial perturbations possible in real-time video classification systems and if so, what properties must they satisfy?" Such systems find application in surveillance applications, smart vehicles, and smart elderly care and thus, misclassification could be particularly harmful (e.g., a mishap at an elderly care facility may be missed). We show that accounting for temporal structure is key to generating adversarial examples in such systems. We exploit recent advances in generative adversarial network (GAN) architectures to account for temporal correlations and generate adversarial samples that can cause misclassification rates of over 80% for targeted activities. More importantly, the samples also leave other activities largely unaffected making them extremely stealthy. Finally, we also surprisingly find that in many scenarios, the same perturbation can be applied to every frame in a video clip that makes the adversary's ability to achieve misclassification relatively easy.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. SAMD: A Tool for Identifying False Data Injection Scenarios in AI/ML-enabled Medical Devices

    cs.CR 2026-05 unverdicted novelty 7.0

    SAMD automates STPA-Sec modeling of AI/ML medical devices as control structures to generate false data injection attack scenarios via LLMs and vulnerability data, evaluated on five FDA-cleared devices with reported pr...