Abstract:
Deep networks are susceptible to adversarial attacks. End-to-end differentiability of
deep networks provides the analytical formulation that has aided the proliferation of
diverse adversarial attacks. In contrast, handcrafted pipelines (SIFT, BoW, SfM)
consist of intuitive approaches and perhaps lack an end-to-end formal description. In this
work, we show that handcrafted pipelines are also susceptible to adversarial attacks.
We propose a novel targeted adversarial attack for multiple well-known handcrafted
pipelines and datasets. Our attack is able to match an image with any given target image,
which can be completely different from the original image. Our approach provides
a trade-off between effectiveness and imperceptibility, and outperforms the baselines on
both metrics.
Interestingly, for sophisticated pipelines (e.g. BoW), our attack requires an iterative
approach to be more effective. However, for shallow pipelines (e.g. image registration),
we propose a simple yet effective single pass attack which indicates the level of
vulnerability of otherwise robust handcrafted pipelines.
Our analysis shows that, although handcrafted pipelines are vulnerable, achieving
imperceptibility is harder for targeted attacks on them. To this end, we propose a stealthy attack
where the noise is perceptible but appears benign. In order to assist the community in
further examining the weakness of popular handcrafted pipelines, we release our code.