Your submission is now in Draft mode.

Once it's ready, please submit your draft for review by our team of Community Moderators. Thank you!

Submit Essay

Once you submit your essay, you can no longer edit it.

Pending

This content now needs to be approved by community moderators.

Submitted

This essay was submitted and is waiting for review.

Date Image Recognition Robust vs Adversarials

Question

Image recognition is a task of assigning a label to an image. There has been enormous progress in the last 10 years due to deep learning. However, in 2013 researchers pointed out certain intriguing properties of neural networks. In particular, neural networks seem to suffer from a problem currently known as adversarial examples.

Adversarial examples are images optimized so as to fool a machine learning algorithm, but remain unambiguous to humans. Current machine learning algorithms can be fooled by changes that are essentially impossible to perceive by humans. The issue of adversarial examples highlight differences in how humans and algorithms do image recognition. "Adversarial Examples - A Complete Characterisation of the Phenomenon" provides an extensive overview.

Notably, adversarial examples can also be a security issue, for example by making it possible to bypass face or voice recognition used for authentication.

Recently Google introduced the Unrestricted Adversarial Examples Challenge. This challenge allows unrestricted inputs, allowing participants to submit arbitrary images from the target classes to develop and test models on a wider variety of adversarial examples. They ask models to answer the question "Is this an unambiguous picture of a bird, a bicycle, or is it (ambiguous / not obvious)?". The images are provided by attackers and are first labeled by humans. A small monetary prize will be awarded to any team that breaks a previously-unbroken defense with an eligible input.

When will image recognition be made robust against unrestricted adversaries?

The question will resolve when the large defender prize of the Unrestricted Adversarial Examples Challenge is awarded. This means that a defense (an image recognition algorithm) must remain unbroken for at least 90 days. This file provides details of the challenge. The question will resolve even if the details of the challenge are modified as long as the spirit of the challenge remains the same. The question will resolve as ambiguous if the challenge is discontinued before the end of 2030.

Make a Prediction

Prediction

Note: this question resolved before its original close time. All of your predictions came after the resolution, so you did not gain (or lose) any points for it.

Note: this question resolved before its original close time. You earned points up until the question resolution, but not afterwards.

Current points depend on your prediction, the community's prediction, and the result. Your total earned points are averaged over the lifetime of the question, so predict early to get as many points as possible! See the FAQ.