AI | CV | Jul 26, 2021

Benign Adversarial Attack: Tricking Models for Goodness

arXiv:2107.11986v2
Originality: Synthesis-oriented
AI Analysis

This work addresses the vulnerability of ML models to adversarial attacks by offering an alternative perspective for researchers and practitioners, though it appears incremental as it builds on existing adversarial example concepts.

The paper tackles the problem of adversarial examples in machine learning by proposing to exploit them for beneficial purposes, such as adversarial Turing tests, rejecting malicious models, and data augmentation, without specifying concrete numerical results.

In spite of their successful application in many fields, machine learning models today suffer from notorious problems like vulnerability to adversarial examples. Beyond falling into the cat-and-mouse game between adversarial attack and defense, this paper provides an alternative perspective to consider adversarial examples and explore whether we can exploit them in benign applications. We first attribute adversarial examples to the human-model disparity in employing non-semantic features. While largely ignored in classical machine learning mechanisms, non-semantic features enjoy three interesting characteristics: (1) exclusive to the model, (2) critical to affect inference, and (3) utilizable as features. Inspired by this, we present the brave new idea of benign adversarial attack to exploit adversarial examples for goodness in three directions: (1) adversarial Turing test, (2) rejecting malicious model application, and (3) adversarial data augmentation. Each direction is positioned with motivation elaboration, justification analysis and prototype applications to showcase its potential.
