Adversarial images fall apart when you cover them up

Kari Jaaskelainen

10 Nov 2025 — 1 min read

Neural networks can be fooled by adversarial images—but here’s a twist: those fake images are even more fragile than the real ones, especially when parts are hidden.

Researchers tested nine popular attacks (like FGSM and PGD) on CIFAR-10 and slid a small mask across each image while watching the model’s confidence. They introduced a metric called Sliding Mask Confidence Entropy (SMCE) to quantify how much confidence wobbles under occlusion. The result: adversarial examples show far higher volatility than clean images.

Simple signal: High SMCE is a strong tell that an input is adversarial.
New detector: SWM-AED uses sliding-window masks to flag adversarial inputs, avoiding the catastrophic overfitting that can plague adversarial training.
Strong results: Across models and attacks on CIFAR-10, detection accuracy exceeded 62% in most cases and reached 96.5%.

Bottom line: if an image only works when every pixel is visible, it’s probably adversarial.

Paper: http://arxiv.org/abs/2511.05073v1

Paper: http://arxiv.org/abs/2511.05073v1

Register: https://www.AiFeta.com

#AI #MachineLearning #DeepLearning #AdversarialExamples #ComputerVision #Security #RobustML

Automating GDPR Compliance: A Roadmap for Companies and Law Firms

GDPR compliance is more than checkboxes. A new roadmap from the Privatech project shows how automation and machine learning can help companies and law firms assess—and even generate—privacy compliance. * Shift the focus to data processors’ real workflows: drafting policies, mapping data uses, documenting decisions. * Break compliance into machine-ready

FPGAs for Faster, Leaner Deep Learning: A Review of CNN Accelerators

Deep learning drives image search, robots, and medical scans. Most systems lean on CPUs and GPUs. This review asks: what if we run convolutional neural networks (CNNs) on FPGAs—reconfigurable chips you can tailor to the model? * Why FPGAs: custom dataflows, low latency, and strong energy efficiency—great for cameras,

Dynamic-K: Recommendations That Know When to Stop

Most apps show a fixed number of “top” items—say 10 movies or 20 products—assuming there are always enough good options. But that’s not always true: sometimes there are few relevant items, or some users are extra picky. The result? Filler recommendations. Dynamic-K flips the script. Instead of

Teaching chatbots to stop contradicting themselves (DECODE)

Teaching chatbots to stop contradicting themselves Ever had a bot say one thing, then the opposite a few turns later? This study introduces DECODE—a new task and dataset for spotting contradictions in everyday conversations, drawn from both human-human and human-bot chats. * New data beats existing natural language inference (NLI)

Read more

Automating GDPR Compliance: A Roadmap for Companies and Law Firms

FPGAs for Faster, Leaner Deep Learning: A Review of CNN Accelerators

Dynamic-K: Recommendations That Know When to Stop

Teaching chatbots to stop contradicting themselves (DECODE)