Defending Black-Box Skeleton-Based Human Activity Classifiers

Authors

  • He Wang University of Leeds, UK
  • Yunfeng Diao Hefei University of Technology, China
  • Zichang Tan Baidu Research, China
  • Guodong Guo IDL, Baidu Research, China

DOI:

https://doi.org/10.1609/aaai.v37i2.25352

Keywords:

CV: Adversarial Attacks & Robustness, CV: Motion & Tracking

Abstract

Skeletal motions have been heavily relied upon for human activity recognition (HAR). Recently, a universal vulnerability of skeleton-based HAR has been identified across a variety of classifiers and data, calling for mitigation. To this end, we propose the first black-box defense method for skeleton-based HAR to our best knowledge. Our method is featured by full Bayesian treatments of the clean data, the adversaries and the classifier, leading to (1) a new Bayesian Energy-based formulation of robust discriminative classifiers, (2) a new adversary sampling scheme based on natural motion manifolds, and (3) a new post-train Bayesian strategy for black-box defense. We name our framework Bayesian Energy-based Adversarial Training or BEAT. BEAT is straightforward but elegant, which turns vulnerable black-box classifiers into robust ones without sacrificing accuracy. It demonstrates surprising and universal effectiveness across a wide range of skeletal HAR classifiers and datasets, under various attacks. Appendix and code are available.
AAAI-23 Proceedings Cover

Downloads

Published

2023-06-26

How to Cite

Wang, H., Diao, Y., Tan, Z., & Guo, G. (2023). Defending Black-Box Skeleton-Based Human Activity Classifiers. Proceedings of the AAAI Conference on Artificial Intelligence, 37(2), 2546-2554. https://doi.org/10.1609/aaai.v37i2.25352

Issue

Vol. 37 No. 2: AAAI-23 Technical Tracks 2

Section

AAAI Technical Track on Computer Vision II