Can CNNs fool humans?

Mozart
Oct 7, 2021

To answer this question, we studied the following two articles.

1) Humans can decipher adversarial images

2) Adversarial Examples that Fool both Computer Vision and Time-Limited Humans

Both articles focus on understanding the relationship between CNNs and human visual processing. To explore this, questions such as "Are humans prone to the same mistakes as CNNs?" and "Can humans decipher adversarial examples?" are asked and then answered by conducting various experiments. A wide variety of experiments were designed to simulate multiple different scenarios.

For instance, in one study, humans were shown adversarially generated images and were asked not only to choose the best label but also to guess appropriate labels. In addition, individuals were asked to match labels with images and/or classify them. The study showed that human beings can both perceive hard-to-catch features of adversarial images and suggest classifications for generated images even when no real feature is present. Human subjects seemed to be regularly successful when they were given choices and were asked to predict labels as if they were computers. Consequently, this article showed that several challenges remain before human-machine similarities can be completely proven. Finally, it stated that humans can help machines by teaching them important features while also helping defend against adversarial attacks.

In another study, users were asked to perform a classification task by assigning a class to each presented adversarial image. The novelty here was that the adversarial images were created in two ways. The first method created these images without considering the features of human vision processing. The second took the specific biological features of human vision into account when creating adversarial images. The subjects were assessed on their reaction time when classifying the presented images, as well as on the accuracy of the assigned class labels.

The results suggested that transferable adversarial examples (those that can fool various models and are not limited to one) can affect human perception, in a way that may be the result of a class of illusions shared by the human brain and computer models.

Despite the shown results, one study made its human subjects resemble the machine strategy of "seeing and distinguishing" by presenting adversarial images for only a fraction of a second, as well as by synthesizing false images. The limited time was found to have subtle effects on human perception and increased the human error rate, while the false images worked as a control group.

Despite the illustrated similarities between the decisions made by CNNs and their human counterparts, it is important to highlight that, according to these articles, humans seem to have a very sophisticated system for distinguishing between appearing like something and appearing to be that thing. Hence, simply imposing time constraints may not properly bridge the differences between human vision processing and CNNs. Another important possibility is that guessing the label a computer gives to an image may come from voluntarily simplifying the thinking process and pointing to the commonalities of objects instead of fully recognizing and perceiving them.

All in all, these two research studies show that human and machine decisions may diverge and that adversarial images can transfer from one domain to another. But it is important to note that human intuition is a special mechanism that has not yet been understood. Hence, this huge gap between human vision and computers may be filled once we have a precise definition of human intuition.

Mozart

Computer Science Researcher (Interested in AI, Data Science, Engineering, Blockchain, Human Health)