Summary of Transparency Attacks: How Imperceptible Image Layers Can Fool Ai Perception, by Forrest Mckee et al.
Transparency Attacks: How Imperceptible Image Layers Can Fool AI Perception
by Forrest McKee, David Noever
First submitted to arxiv on: 29 Jan 2024
Categories
- Main: Computer Vision and Pattern Recognition (cs.CV)
- Secondary: Cryptography and Security (cs.CR); Machine Learning (cs.LG)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary This paper introduces a novel attack vector against multiple vision models by introducing stealth transparency through imperceptible image layers. The authors demonstrate dataset poisoning by mislabeling grayscale landscapes and logos, including military tanks as bridges, using convolutional networks (YOLO, etc.) and vision transformers (ViT, GPT-Vision, etc.). The attack relies on the background layer in grayscale matching the transparent foreground image perceived by humans. This limitation exposes the hidden layers when placed on an opposite display theme, evading facial recognition, surveillance, digital watermarking, content filtering, dataset curating, automotive and drone autonomy, forensic evidence tampering, and retail product misclassifying. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary This paper shows that it’s possible to trick AI into thinking one thing is another. They made invisible images that confused the AI, making it think a tank was a bridge or a logo. This could be used to hide things from facial recognition cameras or surveillance systems. The authors also found that some of these attacks wouldn’t work well if the background and foreground were reversed. |
