Diagnostics for Deep Neural Networks with Automated Copy/Paste Attacks
This work addresses the challenge of interpreting adversarial examples for humans, offering an incremental improvement by automating copy/paste attacks to reveal weaknesses in DNNs.
The paper tackles the problem of scalable oversight for deep neural networks by introducing SNAFUE, an automated method for finding copy/paste attacks, and uses it to red team an ImageNet classifier, reproducing previous attacks and discovering hundreds of new vulnerabilities without human intervention.
This paper considers the problem of helping humans exercise scalable oversight over deep neural networks (DNNs). Adversarial examples can be useful by helping to reveal weaknesses in DNNs, but they can be difficult to interpret or draw actionable conclusions from. Some previous works have proposed using human-interpretable adversarial attacks including copy/paste attacks in which one natural image pasted into another causes an unexpected misclassification. We build on these with two contributions. First, we introduce Search for Natural Adversarial Features Using Embeddings (SNAFUE) which offers a fully automated method for finding copy/paste attacks. Second, we use SNAFUE to red team an ImageNet classifier. We reproduce copy/paste attacks from previous works and find hundreds of other easily-describable vulnerabilities, all without a human in the loop. Code is available at https://github.com/thestephencasper/snafue