HC, CV | Nov 22, 2023

Panda or not Panda? Understanding Adversarial Attacks with Interactive Visualization

arXiv:2311.13656v2 | 6 citations | h-index: 3
AI Analysis

This work addresses the problem of making adversarial machine learning more accessible and interpretable for novice learners and educators, though it is incremental as it builds on existing visualization techniques.

The paper tackled the challenge of understanding adversarial attacks in image classification by introducing AdvEx, an interactive visualization system, which was shown to be highly effective and engaging for learners through user studies and expert interviews.

Adversarial machine learning (AML) studies attacks that can fool machine learning algorithms into generating incorrect outcomes as well as the defenses against worst-case attacks to strengthen model robustness. Specifically for image classification, it is challenging to understand adversarial attacks due to their use of subtle perturbations that are not human-interpretable, as well as the variability of attack impacts influenced by diverse methodologies, instance differences, and model architectures. Through a design study with AML learners and teachers, we introduce AdvEx, a multi-level interactive visualization system that comprehensively presents the properties and impacts of evasion attacks on different image classifiers for novice AML learners. We quantitatively and qualitatively assessed AdvEx in a two-part evaluation including user studies and expert interviews. Our results show that AdvEx is not only highly effective as a visualization tool for understanding AML mechanisms, but also provides an engaging and enjoyable learning experience, thus demonstrating its overall benefits for AML learners.
