How can we generate semantically meaningful and structurally sound adversarial examples? We propose to answer this question by restricting the search for adversaries to the true data manifold. To this end, we introduce a stochastic variational inference method to learn the data manifold, in the presence of continuous latent variables with intractable posterior distributions, without requiring an a priori form for the underlying data distribution. We then propose a manifold perturbation strategy that ensures the cases we perturb remain in the manifold of the original examples, and thereby generate the adversaries. We evaluate our approach on a number of image and text datasets. Our results show the effectiveness of our approach in producing coherent and realistic-looking adversaries that can evade strong defenses known to be resilient to traditional adversarial attacks.