Semantic Adversarial Deep Learning
Tommaso Dreossi, Somesh Jha, Sanjit A. Seshia

TL;DR
This paper emphasizes the importance of system semantics and specifications in generating adversarial examples and designing robust machine learning models, especially for safety-critical cyber-physical systems.
Contribution
It highlights the need to incorporate system-level semantics and specifications into adversarial and robustness research for ML models.
Findings
Preliminary results support the importance of system semantics.
Existing methods often ignore system context and semantics.
Prioritizing semantic modifications can improve adversarial example relevance.
Abstract
Fueled by massive amounts of data, models produced by machine-learning (ML) algorithms, especially deep neural networks, are being used in diverse domains where trustworthiness is a concern, including automotive systems, finance, health care, natural language processing, and malware detection. Of particular concern is the use of ML algorithms in cyber-physical systems (CPS), such as self-driving cars and aviation, where an adversary can cause serious consequences. However, existing approaches to generating adversarial examples and devising robust ML algorithms mostly ignore the semantics and context of the overall system containing the ML component. For example, in an autonomous vehicle using deep learning for perception, not every adversarial example for the neural network might lead to a harmful consequence. Moreover, one may want to prioritize the search for adversarial examples…
