Semantics Preserving Adversarial Learning

TL;DR

This paper introduces a novel framework for generating adversarial examples that preserve the original input semantics by learning and perturbing the input manifold, effectively evading existing defenses across various data types.

Contribution

It presents a manifold learning-based method combined with Gram-Schmidt perturbations to produce semantically meaningful adversarial examples, a significant advancement over prior imperceptible attacks.

Findings

Successfully generates semantics-preserving adversarial examples for images, text, and toy data.

Demonstrates the approach's ability to evade current adversarial defenses.

Shows the effectiveness of the method across multiple data modalities.

Abstract

While progress has been made in crafting visually imperceptible adversarial examples, constructing semantically meaningful ones remains a challenge. In this paper, we propose a framework to generate semantics preserving adversarial examples. First, we present a manifold learning method to capture the semantics of the inputs. The motivating principle is to learn the low-dimensional geometric summaries of the inputs via statistical inference. Then, we perturb the elements of the learned manifold using the Gram-Schmidt process to induce the perturbed elements to remain in the manifold. To produce adversarial examples, we propose an efficient algorithm whereby we leverage the semantics of the inputs as a source of knowledge upon which we impose adversarial constraints. We apply our approach on toy data, images and text, and show its effectiveness in producing semantics preserving adversarial examples which evade existing defenses against adversarial attacks.