Get our free extension to see links to code for papers anywhere online!

Chrome logo Add to Chrome

Firefox logo Add to Firefox

A Rotation and a Translation Suffice: Fooling CNNs with Simple Transformations

Feb 13, 2018
Logan Engstrom, Brandon Tran, Dimitris Tsipras, Ludwig Schmidt, Aleksander Madry

We show that simple transformations, namely translations and rotations alone, are sufficient to fool neural network-based vision models on a significant fraction of inputs. This is in sharp contrast to previous work that relied on more complicated optimization approaches that are unlikely to appear outside of a truly adversarial setting. Moreover, fooling rotations and translations are easy to find and require only a few black-box queries to the target model. Overall, our findings emphasize the need for designing robust classifiers even in natural, benign contexts.

* Preliminary version appeared in the NIPS 2017 Workshop on Machine Learning and Computer Security 

Share this with someone who'll enjoy it:

   Access Paper Source

Share this with someone who'll enjoy it: