Probabilistic Categorical Adversarial Attack & Adversarial Training
Han Xu, Pengfei He, Jie Ren, Yuxuan Wan, Zitao Liu, Hui Liu, Jiliang Tang

TL;DR
This paper introduces PCAA, a novel and efficient attack method against DNNs that take categorical data as input, together with an adversarial training framework built on it, and shows improved effectiveness and efficiency over existing greedy-search approaches.
Contribution
The paper presents PCAA, a continuous optimization-based attack for categorical data, and an accompanying adversarial training method, advancing the state-of-the-art in categorical adversarial robustness.
Findings
PCAA outperforms greedy search methods in efficiency and success rate.
The adversarial training framework enhances DNN robustness against categorical adversarial attacks.
Theoretical analysis confirms the optimality and reduced time complexity of PCAA.
Abstract
The existence of adversarial examples raises serious concerns about applying Deep Neural Networks (DNNs) to safety-critical tasks. However, generating adversarial examples for categorical data is an important problem that has received little systematic exploration. Previously established methods rely on greedy search, which can be very time-consuming when conducting a successful attack. This also limits the development of adversarial training and potential defenses for categorical data. To tackle this problem, we propose Probabilistic Categorical Adversarial Attack (PCAA), which transforms the discrete optimization problem into a continuous one that can be solved efficiently by Projected Gradient Descent. In our paper, we theoretically analyze its optimality and time complexity to demonstrate its significant advantage over current greedy-based attacks. Moreover, based on our attack, we…
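The abstract describes the core move of the attack: relax each discrete categorical feature into a probability vector, optimize in that continuous space with Projected Gradient Descent, and decode back to discrete categories. The following is an added illustration of that relaxation idea, not the authors' PCAA code and not the paper's exact objective. It assumes a constructed toy scorer that is linear in the one-hot encoding (so the gradient is just the weight table; a real DNN would supply it via autograd), hand-picked weights such that no single feature change flips the prediction but a pair of changes does, and a penalty term on probability mass moved away from the clean category as a soft stand-in for a budget on the number of changed features. On this toy size an exhaustive search is feasible, so the block also checks the decoded attack against the true discrete optimum.

```python
"""Toy probabilistic relaxation of a categorical adversarial attack.

Added illustration (not the paper's PCAA implementation): each categorical
feature is relaxed to a probability vector on the simplex, the model is
evaluated on the expected one-hot encoding, projected gradient descent runs in
that continuous space, and the result is decoded back to discrete categories.
"""
import itertools
import numpy as np

# Constructed toy problem (assumption): three categorical features with
# 3, 4 and 2 possible values, one-hot encoded and concatenated.
CARDS = [3, 4, 2]

# Hand-picked linear scorer: logit = B + sum_i W[i][c_i]. A DNN would replace
# `logit`/`grad_logit` with a forward pass and autograd; the attack loop is
# unchanged. The weights are chosen so that no single feature change flips the
# clean example but a pair of changes does.
W = [
    np.array([0.5, -0.2, -1.0]),         # feature 0, categories 0..2
    np.array([-0.3, 0.8, 0.1, -0.6]),    # feature 1, categories 0..3
    np.array([0.4, -0.3]),               # feature 2, categories 0..1
]
B = 0.2
CLEAN = [0, 1, 0]  # clean input; logit 1.9 > 0, i.e. predicted class 1


def one_hot(cats):
    return [np.eye(k)[c] for k, c in zip(CARDS, cats)]


def logit(probs):
    """Model output on the expected one-hot encoding given per-feature probs."""
    return B + sum(float(w @ p) for w, p in zip(W, probs))


def grad_logit(probs):
    """d logit / d probs; for the linear toy this is just W."""
    return [w.copy() for w in W]


def project_simplex(v):
    """Euclidean projection of v onto {p >= 0, sum(p) = 1}."""
    u = np.sort(v)[::-1]
    css = np.cumsum(u)
    rho = np.nonzero(u * np.arange(1, len(v) + 1) > (css - 1))[0][-1]
    tau = (css[rho] - 1) / (rho + 1)
    return np.maximum(v - tau, 0.0)


def pcaa_like_attack(cats, lam=0.9, alpha=0.1, steps=200):
    """PGD in the relaxed space, then decode by argmax.

    The objective pushes the logit of the predicted class below 0; the penalty
    lam * sum_i (1 - p_i[clean_i]) discourages moving probability mass away
    from the clean category, a soft stand-in for a budget on changed features
    (an assumption of this example, not the paper's formulation).
    """
    probs = one_hot(cats)
    for _ in range(steps):
        g = grad_logit(probs)
        for i, c in enumerate(cats):
            g[i][c] -= lam           # penalty gradient on the clean category
            probs[i] = project_simplex(probs[i] - alpha * g[i])
    return [int(np.argmax(p)) for p in probs]


def is_flipped(adv, cats=CLEAN):
    return np.sign(logit(one_hot(adv))) != np.sign(logit(one_hot(cats)))


def num_changed(adv, cats=CLEAN):
    return sum(a != c for a, c in zip(adv, cats))


def brute_force_min_changes(cats=CLEAN):
    """Exhaustive check (feasible only on toy sizes): fewest changed
    features that flip the prediction, or None if impossible."""
    best = None
    for cand in itertools.product(*[range(k) for k in CARDS]):
        if is_flipped(list(cand), cats):
            n = num_changed(cand, cats)
            best = n if best is None else min(best, n)
    return best


if __name__ == "__main__":
    adv = pcaa_like_attack(CLEAN)
    print("clean", CLEAN, "logit", round(logit(one_hot(CLEAN)), 3))
    print("adv  ", adv, "logit", round(logit(one_hot(adv)), 3),
          "flipped", bool(is_flipped(adv)), "changed", num_changed(adv))
    print("brute-force minimum changes:", brute_force_min_changes())
```

Two points a practitioner should take from this. First, the cost per step is one gradient evaluation regardless of how many categories each feature has, whereas a greedy search pays one forward pass per candidate category per feature per step. Second, the decoding step (argmax) is where the relaxation can fail on a non-linear model: the continuous optimum need not round to a valid discrete optimum, which is exactly why the paper's optimality analysis matters; on a toy where exhaustive search is affordable, compare the decoded result against it as done here before trusting the relaxed attack on a real DNN.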
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Machine Learning and Data Classification
