Generating Natural Adversarial Examples

TL;DR

This paper introduces a framework for generating natural, semantically meaningful adversarial examples across various domains using generative adversarial networks, aiding in robustness evaluation of machine learning models.

Contribution

It proposes a novel method to create natural adversarial examples on the data manifold by leveraging semantic space and GANs, applicable to multiple complex domains.

Findings

Generated adversaries are natural and human-legible.

The approach effectively evaluates black-box classifiers.

Demonstrates versatility across image, text, and translation tasks.

Abstract

Due to their complex nature, it is hard to characterize the ways in which machine learning models can misbehave or be exploited when deployed. Recent work on adversarial examples, i.e. inputs with minor perturbations that result in substantially different model predictions, is helpful in evaluating the robustness of these models by exposing the adversarial scenarios where they fail. However, these malicious perturbations are often unnatural, not semantically meaningful, and not applicable to complicated domains such as language. In this paper, we propose a framework to generate natural and legible adversarial examples that lie on the data manifold, by searching in semantic space of dense and continuous data representation, utilizing the recent advances in generative adversarial networks. We present generated adversaries to demonstrate the potential of the proposed approach for black-box classifiers for a wide range of applications such as image classification, textual entailment, and machine translation. We include experiments to show that the generated adversaries are natural, legible to humans, and useful in evaluating and analyzing black-box classifiers.