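@comment{
  Review notes:
  - The two Brunner et al. entries had empty citation keys, which BibTeX and
    Biber reject. The keys brunner2019a and brunner2019b were assigned during
    review; check them against the cite commands in the documents that use
    this file.
  - kessler2019a is a paper with authors and a booktitle, so it is typed as
    inproceedings rather than proceedings. Its key is unchanged.
  - Page ranges use a double hyphen, and acronyms are brace-protected as
    whole words.
}

@inproceedings{brunner2019a,
  author    = {Brunner, Thomas and Diehl, Frederik and Truong Le, Michael and Knoll, Alois},
  title     = {Guessing Smart: Biased Sampling for Efficient Black-Box Adversarial Attacks},
  booktitle = {Proceedings of the {IEEE} International Conference on Computer Vision ({ICCV})},
  year      = {2019},
  month     = oct,
  address   = {Seoul, South Korea},
  abstract  = {We consider adversarial examples for image classification in the black-box decision-based setting. Here, an attacker cannot access confidence scores, but only the final label. Most attacks for this scenario are either unreliable or inefficient. Focusing on the latter, we show that a specific class of attacks, Boundary Attacks, can be reinterpreted as a biased sampling framework that gains efficiency from domain knowledge. We identify three such biases, image frequency, regional masks and surrogate gradients, and evaluate their performance against an ImageNet classifier. We show that the combination of these biases outperforms the state of the art by a wide margin. We also showcase an efficient way to attack the Google Cloud Vision API, where we craft convincing perturbations with just a few hundred queries.
Finally, the methods we propose have also been found to work very well against strong defenses: Our targeted attack won second place in the NeurIPS 2018 Adversarial Vision Challenge.},
}

@inproceedings{kessler2019a,
  author    = {Kessler, Tobias and Bernhard, Julian and Buechel, Martin and Esterle, Klemens and Hart, Patrick and Malovetz, Daniel and Truong Le, Michael and Diehl, Frederik and Brunner, Thomas and Knoll, Alois},
  title     = {Bridging the Gap between Open Source Software and Vehicle Hardware for Autonomous Driving},
  booktitle = {2019 {IEEE} Intelligent Vehicles Symposium},
  pages     = {1612--1619},
  year      = {2019},
  month     = jun,
  doi       = {10.1109/IVS.2019.8813784},
  url       = {https://doi.org/10.1109/IVS.2019.8813784},
}

@inproceedings{brunner2019b,
  author    = {Brunner, Thomas and Diehl, Frederik and Truong Le, Michael and Knoll, Alois},
  title     = {Leveraging Semantic Embeddings for Safety-Critical Applications},
  booktitle = {The {IEEE} Conference on Computer Vision and Pattern Recognition ({CVPR}) Workshops},
  year      = {2019},
  month     = jun,
  address   = {Long Beach, USA},
  abstract  = {Semantic Embeddings are a popular way to represent knowledge in the field of zero-shot learning. We observe their interpretability and discuss their potential utility in a safety-critical context. Concretely, we propose to use them to add introspection and error detection capabilities to neural network classifiers. First, we show how to create embeddings from symbolic domain knowledge. We discuss how to use them for interpreting mispredictions and propose a simple error detection scheme. We then introduce the concept of semantic distance: a real-valued score that measures confidence in the semantic space. We evaluate this score on a traffic sign classifier and find that it achieves near state-of-the-art performance, while being significantly faster to compute than other confidence scores.
Our approach requires no changes to the original network and is thus applicable to any task for which domain knowledge is available.},
}

@inproceedings{Cheng2018a,
  author    = {Cheng, Chih-Hong and Diehl, Frederik and Hinz, Gereon Michael and Hamza, Yassine and N{\"{u}}hrenberg, Georg and Rickert, Markus and Rue{\ss}, Harald and Truong Le, Michael},
  title     = {Neural Networks for Safety-Critical Applications -- {Challenges}, Experiments and Perspectives},
  booktitle = {Proceedings of the Design, Automation \& Test in Europe Conference \& Exhibition ({DATE})},
  pages     = {1005--1006},
  year      = {2018},
  month     = mar,
  address   = {Dresden, Germany},
  abstract  = {We propose a methodology for designing dependable Artificial Neural Networks (ANNs) by extending the concepts of understandability, correctness, and validity that are crucial ingredients in existing certification standards. We apply the concept in a concrete case study for designing a highway ANN-based motion predictor to guarantee safety properties such as impossibility for the ego vehicle to suggest moving to the right lane if there exists another vehicle on its right.},
  doi       = {10.23919/DATE.2018.8342158},
  keywords  = {autonomous driving, robotics, neural networks, safety},
}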