Proactive Schemes: A Survey of Adversarial Attacks for Social Good

TL;DR

This survey examines the rise of proactive schemes-methods that encrypt input data using additional signals termed templates, to enhance the performance of deep learning models, and discusses the challenges, potential vulnerabilities, and future directions for proactive schemes, highlighting their potential to foster the responsible and secure advancement of deep learning technologies.

Abstract

Adversarial attacks in computer vision exploit the vulnerabilities of machine learning models by introducing subtle perturbations to input data, often leading to incorrect predictions or classifications. These attacks have evolved in sophistication with the advent of deep learning, presenting significant challenges in critical applications, which can be harmful for society. However, there is also a rich line of research from a transformative perspective that leverages adversarial techniques for social good. Specifically, we examine the rise of proactive schemes-methods that encrypt input data using additional signals termed templates, to enhance the performance of deep learning models. By embedding these imperceptible templates into digital media, proactive schemes are applied across various applications, from simple image enhancements to complicated deep learning frameworks to aid performance, as compared to the passive schemes, which don't change the input data distribution for their framework. The survey delves into the methodologies behind these proactive schemes, the encryption and learning processes, and their application to modern computer vision and natural language processing applications. Additionally, it discusses the challenges, potential vulnerabilities, and future directions for proactive schemes, ultimately highlighting their potential to foster the responsible and secure advancement of deep learning technologies.

Figures (17)

• Figure 1: Passive vs. Proactive Schemes: Passive schemes take an input as is for their method, while proactive schemes use templates to encrypt the input and then use the encrypted data as the input. The main advantage of the proactive schemes comes from their improved performance compared to the passive schemes.
• Figure 2: A general overview of the proactive framework. The method starts by encrypting the input data with a template. This is known as Encryption process. The framework passes through a learning process, and is evaluated based on certain learning objectives. Finally, every method is associated with a specific application. In the survey paper, we discuss all the three stages in a sequential way, with each section focusing on several techniques and aspects of the respective stage.
• Figure 3: Bit sequences and $2$D noises as a type of templates (a) yu2021artificial, (b) yu2021artificialzeng2023securing. Bit sequences templates are a one-hot encoding, which are then embedded into the input data according to different techniques, while $2$D templates are spatial noises embedded into the input data.
• Figure 4: Various examples of input-encrypted input pairs after adding the $2$D noise templates into the original input images. (a) zeng2023securing, (b) Asnani_2022_CVPR, (c) Asnani_2023_CVPR and (d) cui2023ft.
• Figure 5: Text signals as a type of templates. Techniques include various types of perturbing text data, for ex. inserting, swapping, and adding patches of text robey2023smoothllm.