Bluff: Interactively Deciphering Adversarial Attacks on Deep Neural Networks
This work addresses the need for better interpretability of adversarial attacks on vision-based neural networks, though it is incremental in that it builds on existing visualization techniques.
The researchers tackled the problem of understanding how adversarial attacks penetrate deep neural networks by developing Bluff, an interactive system for visualizing and comparing the activation pathways of benign and attacked images, which revealed mechanisms that attacks use to harm models.
Deep neural networks (DNNs) are now commonly used in many domains. However, they are vulnerable to adversarial attacks: carefully crafted perturbations on data inputs that can fool a model into making incorrect predictions. Despite significant research on developing DNN attack and defense techniques, people still lack an understanding of how such attacks penetrate a model's internals. We present Bluff, an interactive system for visualizing, characterizing, and deciphering adversarial attacks on vision-based neural networks. Bluff allows people to flexibly visualize and compare the activation pathways for benign and attacked images, revealing mechanisms that adversarial attacks employ to inflict harm on a model. Bluff is open-sourced and runs in modern web browsers.