Probabilistic Categorical Adversarial Attack & Adversarial Training
This work addresses a critical gap in adversarial robustness for safety-critical applications that use categorical data, though it is incremental in that it builds on existing attack and defense frameworks.
The paper tackles the problem of generating adversarial examples for categorical data in deep neural networks, which was previously time-consuming with greedy search methods. It proposes Probabilistic Categorical Adversarial Attack (PCAA), which transforms the task into a continuous optimization problem that is solved efficiently with Projected Gradient Descent, and demonstrates its effectiveness through theoretical analysis and empirical studies.
The existence of adversarial examples brings huge concern for people to apply Deep Neural Networks (DNNs) in safety-critical tasks. However, how to generate adversarial examples with categorical data is an important problem but lacks extensive exploration. Previously established methods leverage greedy search methods, which can be very time-consuming to conduct a successful attack. This also limits the development of adversarial training and potential defenses for categorical data. To tackle this problem, we propose Probabilistic Categorical Adversarial Attack (PCAA), which transfers the discrete optimization problem to a continuous problem that can be solved efficiently by Projected Gradient Descent. In our paper, we theoretically analyze its optimality and time complexity to demonstrate its significant advantage over current greedy-based attacks. Moreover, based on our attack, we propose an efficient adversarial training framework. Through a comprehensive empirical study, we justify the effectiveness of our proposed attack and defense algorithms.
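The relaxation idea in the abstract can be exercised as a robustness check on a toy model. This is an added example, not code from the paper and not its algorithm: each categorical feature is replaced by a probability vector, and projected gradient ascent with a simplex projection searches for a loss-increasing input. The linear scorer `W`/`B`, the sparsity penalty `lam`, the argmax rounding and all function names are assumptions.

```python
import math

# Constructed toy model (assumption): linear scorer over 3 categorical
# features; W[f][c] is the weight when feature f takes category c.
W = [[1.5, 0.0, -1.5], [0.2, 0.1, 0.15], [1.0, -2.0, 0.5]]
B = -1.5

def project_simplex(v):
    """Euclidean projection of v onto the probability simplex."""
    css, theta = 0.0, 0.0
    for i, u in enumerate(sorted(v, reverse=True), 1):
        css += u
        if u - (css - 1.0) / i > 0:
            theta = (css - 1.0) / i
    return [max(x - theta, 0.0) for x in v]

def logit(P):
    """Expected logit when feature f is drawn from distribution P[f]."""
    return B + sum(p * w for pf, wf in zip(P, W) for p, w in zip(pf, wf))

def one_hot(x):
    return [[1.0 if c == xf else 0.0 for c in range(len(W[f]))]
            for f, xf in enumerate(x)]

def relaxed_attack(x, y, lam=0.15, lr=0.5, steps=50):
    """Projected gradient ascent on logistic loss minus lam * expected
    number of changed features, over one probability vector per feature."""
    s = 1.0 if y == 1 else -1.0
    P = one_hot(x)
    for _ in range(steps):
        g = 1.0 / (1.0 + math.exp(s * logit(P)))  # |d loss / d logit|
        for f, xf in enumerate(x):
            grad = [-s * g * w + (lam if c == xf else 0.0)
                    for c, w in enumerate(W[f])]
            P[f] = project_simplex([p + lr * d for p, d in zip(P[f], grad)])
    # Discretise: most probable category per feature (assumed rounding rule).
    return [max(range(len(pf)), key=pf.__getitem__) for pf in P], P

def evaluate(x, y):
    """Compare the model's logit on the clean and the perturbed input."""
    x_adv, _ = relaxed_attack(x, y)
    return {"clean_logit": logit(one_hot(x)),
            "adv_logit": logit(one_hot(x_adv)),
            "x_adv": x_adv,
            "changed": sum(a != b for a, b in zip(x, x_adv))}

if __name__ == "__main__":
    print(evaluate([0, 0, 0], 1))
```

On this constructed input the low-impact second feature is left alone because the penalty outweighs its gain, which is the kind of per-feature sensitivity a robustness evaluation is meant to surface.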