AlphaDog

the first attack that is no-box, and universal

Attacker needs no query, no access to decision, no information about AI model.
One single Attack Instance can attack a wide range of AI model!

1. AI Removal and Eye White/grey background adversarial examples: Biden or Obama? Cat or Dog? Speed limit 20mph or 75mph? Hand X-ray dislocated or not?

With/grey background it's Biden

With/grey background it's a cat

With/grey background it's 20mph

With/grey background it's a healthy hand

Removed Alpha it's Obama

Removed Alpha it's a dog

Removed Alpha it's 75mph

Removed Alpha it's dislocated hand

Advantages of ACA:

Strong No-box attack: No query!
Universal: No need to tailor attack image for a specific AI model!

Effortless: No need to reverse engineer anything about AI model!

ACA can attack:

1) online image classifiers, such as:

https://chat.openai.com/ (Chatgpt, Removal)

https://aws.amazon.com/rekognition/ (Amazon Rekognition api, Removal)

https://www.baidu.com/ (Baidu Image api, Removal)

https://portal.vision.cognitive.azure.com/demo/generic-object-detection (Microsoft Azure Vision, Removal)

https://imagerecognize.com/ (Removal)

https://www.imageidentify.com/ (Wolfram, Removal)

https://clarifai.com/ (Calrifai, Removal)

https://vision.aliyun.com/ (AliYun vision, Removal)

https://cloud.tencent.com/ (Tencent vision, Removal)

https://imagga.com/ (Imagga, Removal)

https://www.bard.com/ (Bard, Black Background)

https://www.google.com/ (Google Cloud Vision Api, White Background)

2) Local image classifiers, such as:

Yolo v3-v8 (Default Remove Alpha Channel),

Faster R-CNN (Default Remove Alpha Channel)

Alpha Channel Attack Demonstration:

We can attack most AI Model in a NO-BOX way!

Attack Image is colorful

Chatgpt sees 20mph as a 75mph

Attack Image is purely grayscale

Amazon Rekognition Vision sees Biden as Obama

(1) Attack Cloud-base online AI Model (chatgpt, baidu, Amazon Rekognition, Microsoft Azure Vision, Bard, Gemini Vision Pro, online Free Image Classifier, walfram, Clarifi, Imagga, LandingLens .etc):

1.Chatgpt reads 20mph as a 75mph

2.Chatgpt reads a cat as a dog

3.Chatgpt sees a healthy hand as dislocated hand

4.Amazon Rekognition reads Biden as Obama

5.Baidu reads a cat as a dog

6.Baidu reads a Biden as Obama

7.Online Classifier reads a cat as a dog

8.Online Classifier reads Biden as Obama

9. Bard reads city view as a dog

10.Wolfram reads a cat as a dog

11.Clarifi reads a cat as a dog

12.LandingLens sees cat as a cow (this image hides a cow in a cat)

13.Microsoft Azure Vision sees a cat as a dog

14.Tencent Vision sees a cat as a dog

15. AliYun vision sees cat as dog

16. Google Cloud Vision Api sees a dog as city view. Note that this must be done with browser in night mode with black background because Google Cloud Vision uses white background.

(2) Attack Local Image Recognition Model(Yolo, FasterR-CNN...):

YOLO v5 reads a Biden as Obama

YOLO recognize a cat as a dog

Faster R-CNN reads Biden as Obama

Faster R-CNN reads cat as dog

Weak no-box attack Query Image ------------>

it's transparent with RGB channel to be red. We use this image to query AI model to determine their Alpha blending strategy.

Here is the result:

2. AI/Eye white/black background adversarial example: (try it yourself!)

with white background : city view

with black background : dog

Drag to

Right!

---->

with white black background, it's city view.But with black background it's a dog. ( We cannot provide presidential candidate attack image in case of malicious usage)

Qi Xia （corresponding author)

Homepage: https://sites.google.com/view/qixia/home

Part of our 1000 dataset: 100 randomly generated Attack images.

Each image hides the image on left side of it,

for example

1st image: IEye=eagle, IAI=apple, 2nd image: IEye=dog, IAI=eagle

3rd image: IEye=flower, IAI=dog, 4th image: IEye=bird, IAI=flower

Page updated

Google Sites

Report abuse