ML · LG · Mar 10, 2019

Semantics Preserving Adversarial Learning

arXiv:1903.03905v5 · 14 citations
Originality: Incremental advance
AI Analysis

The paper addresses the problem of creating more realistic adversarial attacks, which is relevant to AI security researchers, though it appears incremental because it builds on existing adversarial example methods.

The paper tackles the challenge of generating adversarial examples that preserve semantic meaning, proposing a framework that uses manifold learning to capture input semantics and perturb them while staying within the manifold, resulting in effective evasion of existing defenses across toy data, images, and text.

While progress has been made in crafting visually imperceptible adversarial examples, constructing semantically meaningful ones remains a challenge. In this paper, we propose a framework to generate semantics preserving adversarial examples. First, we present a manifold learning method to capture the semantics of the inputs. The motivating principle is to learn the low-dimensional geometric summaries of the inputs via statistical inference. Then, we perturb the elements of the learned manifold using the Gram-Schmidt process to induce the perturbed elements to remain in the manifold. To produce adversarial examples, we propose an efficient algorithm whereby we leverage the semantics of the inputs as a source of knowledge upon which we impose adversarial constraints. We apply our approach on toy data, images and text, and show its effectiveness in producing semantics preserving adversarial examples which evade existing defenses against adversarial attacks.
