Benign Adversarial Attack: Tricking Models for Goodness
Jitao Sang, Xian Zhao, Jiaming Zhang, Zhiyu Lin

TL;DR
This paper explores using adversarial examples benignly to improve model robustness and security, shifting focus from attack-defense to positive applications like testing, rejection, and data augmentation.
Contribution
It introduces the concept of benign adversarial attack, leveraging non-semantic features for beneficial purposes in machine learning.
Findings
Demonstrates adversarial examples can be used for model testing.
Shows potential for rejecting malicious model applications.
Proposes adversarial data augmentation as a beneficial technique.
Abstract
In spite of their successful application in many fields, machine learning models today suffer from notorious problems like vulnerability to adversarial examples. Beyond falling into the cat-and-mouse game between adversarial attack and defense, this paper provides an alternative perspective on adversarial examples and explores whether we can exploit them in benign applications. We first attribute adversarial examples to the human-model disparity in employing non-semantic features. While largely ignored in classical machine learning mechanisms, non-semantic features enjoy three interesting characteristics: they are (1) exclusive to the model, (2) critical in affecting inference, and (3) utilizable as features. Inspired by this, we present the brave new idea of benign adversarial attack to exploit adversarial examples for goodness in three directions: (1) adversarial Turing test, (2) rejecting malicious…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Explainable Artificial Intelligence (XAI) · Ethics and Social Impacts of AI
