RGB-D object recognition systems improve their predictive performance by fusing color and depth information, outperforming neural network architectures that rely solely on color. While RGB-D systems are expected to be more robust to adversarial examples than RGB-only systems, they have also been proven to be highly vulnerable. Their robustness is similar even when the adversarial examples are generated by altering only the original images' colors. Several works have highlighted the vulnerability of RGB-D systems; however, technical explanations for this weakness are lacking. In our work, we bridge this gap by investigating the learned deep representation of RGB-D systems, discovering that color features make the function learned by the network more complex and, thus, more sensitive to small perturbations. To mitigate this problem, we propose a defense based on a detection mechanism that makes RGB-D systems more robust against adversarial examples. We empirically show that this defense improves the performance of RGB-D systems against adversarial examples even when they are computed ad hoc to circumvent this detection mechanism, and that it is also more effective than adversarial training.