Resisting Adversarial Attacks Using Gaussian Mixture Variational Autoencoders

Ghosh, Pradip N.; Losalka, Arpan; Black, Michael J.

doi:10.1609/aaai.v33i01.3301541

Cited by 57 publications

(49 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, the proposed method does not need any adversarial training, and the inference is also time-efficient. Therefore, we evaluate our approach on the full ImageNet validation set which is closer to the real-world setting than other related works on MNIST and CIFAR-10 [15,16,25,26]. MNIST and CIFAR-10 are of very low resolution (28×28, 32×32) and far from the real-world setting.…”

Section: Evaluation Results On Imagenetmentioning

confidence: 99%

Squeeze And Reconstruct: Improved Practical Adversarial Defense Using Paired Image Compression And Reconstruction

Kung

Chen

Liu

et al. 2021

2021 IEEE International Conference on Image Processing (ICIP)

View full text Add to dashboard Cite

As shown in the previous literature, non-robust features of an image such as texture are both the secrets why deep neural networks achieve outstanding classification performance and the sources of adversarial examples. Image compression methods such as JPEG can be used to effectively defend against diverse adversarial attacks by eliminating these non-robust features in the pre-processing stage while significantly sacrificing clean accuracy. To address this issue, we present a squeeze-and-reconstruct framework which first performs image compression followed by image reconstruction to recover necessary details for the improved clean and robust accuracies. With extensive experiments on the challenging ImageNet dataset, the evaluation results demonstrate the effectiveness of the proposed method to defend against the Fast Gradient Sign Method and the powerful Projected Gradient Descent attacks in the whitebox scenarios. In addition, the proposed approach also outperforms other common and off-the-shelf defense models in terms of both clean and robust accuracies.

show abstract

Section: Evaluation Results On Imagenetmentioning

confidence: 99%

Squeeze And Reconstruct: Improved Practical Adversarial Defense Using Paired Image Compression And Reconstruction

Kung

Chen

Liu

et al. 2021

2021 IEEE International Conference on Image Processing (ICIP)

View full text Add to dashboard Cite

show abstract

“…To make a fair comparison and prove the effectiveness of our method, we choose vanilla VAE and several improved versions which have been reported in the same network architecture. The baseline models include constantvariance VAE (CV-VAE) [2,8], Wasserstein VAE (WAE) [28] , 2-stage VAE (2s-VAE) [7] and Regularized AutoEncoders (RAE) [9].…”

Section: Quantitive and Qualitative Results For Image Generationmentioning

confidence: 99%

LDC-VAE: A Latent Distribution Consistency Approach to Variational AutoEncoders

Chen¹,

Gong²,

He³

et al. 2021

Preprint

View full text Add to dashboard Cite

Variational autoencoders (VAEs), as an important aspect of generative models, have received a lot of research interests and reached many successful applications. However, it is always a challenge to achieve the consistency between the learned latent distribution and the prior latent distribution when optimizing the evidence lower bound (ELBO), and finally leads to an unsatisfactory performance in data generation. In this paper, we propose a latent distribution consistency approach to avoid such substantial inconsistency between the posterior and prior latent distributions in ELBO optimizing. We name our method as latent distribution consistency VAE (LDC-VAE). We achieve this purpose by assuming the real posterior distribution in latent space as a Gibbs form, and approximating it by using our encoder. However, there is no analytical solution for such Gibbs posterior in approximation, and traditional approximation ways are time consuming, such as using the iterative sampling-based MCMC. To address this problem, we use the Stein Variational Gradient Descent (SVGD) to approximate the Gibbs posterior. Meanwhile, we use the SVGD to train a sampler net which can obtain efficient samples from the Gibbs posterior. Comparative studies on the popular image generation datasets show that our method has achieved comparable or even better performance than several powerful improvements of VAEs.

show abstract

“…Defense Strength Defense Complexity Experimental Setup Research Impact Statistical Detection [67] Guard -Adversarial Detector * ** ** ** Binary Classification [62] Guard -Adversarial Detector * ** * * In-Layer Detection [117] Guard -Adversarial Detector * ** *** ** Detecting from Artifacts [52] Guard -Adversarial Detector * ** ** ** SafetyNet [111] Guard -Adversarial Detector * ** ** * Convolutional Statistics Detector [104] Guard -Adversarial Detector * ** ** * Saliency Data Detector [183] Guard -Adversarial Detector * ** * * Ensemble Detectors [1] Guard -Adversarial Detector * ** * * MagNet [116] Guard -Adversarial Detector * ** *** ** Generative Detector [102] Guard -Adversarial Detector * ** * * PixelDefend [154] Guard -Adversarial Detector * ** *** * VAE Detector [57] Guard -Adversarial Detector * *** ** * Bit-Depth [70] Guard -Input Transformation * * ** ** Basis Transformations [148] Guard -Input Transformation * * ** * Randomized Transformations [177] Guard -Input Transformation * * *** * Thermometer Encoding [20] Guard -Input Transformation * * *** * Blind Pre-Processing [136] Guard -Input Transformation * * * * Data Discretization [28] Guard -Input Transformation * * ** * Adaptive Noise [105] Guard -Input Transformation * * * * FGSM Training [65] Design -Adversarial Training * * ** *** Gradient Training [152] Design -Adversarial Training * * * * Gradient Regularization [114] Design -Adversarial Training * * * * Structured Regularization [139] Design -Adversarial Training * * ** * Robust Training [149] Design -Adversarial Training ** * ** ** Strong Adversary Training [79] Design -Adversarial Training * ** * ** Madry [115] Design -Adversarial Training *** ** *** *** Ensemble Training [165] Design -Adversarial Training ** ** ** *** Stochastic Pruning [38] Design -Adversarial Training ** ** ** ** Distillation [132] Design -Architecture * ** ** *** Parseval Networks…”

Section: Defense Defense Strategy Defense Performancementioning

confidence: 99%

“…Not i.i.d hypothesis. A different hypothesis assumes that adversarial examples lie off the data manifold, and are sampled from a different distribution [57,102,116,154]. This hypothesis lead to the proposal of adversarial detection methods (Section 7.1) and the attempt to learn this new distribution with generative models.…”

Section: Hypotheses On the Existence Of Adversarial Examplesmentioning

confidence: 99%

“…The authors run, at first, a statistical test to detect if an input belongs to the data generation distribution and, if the test fails, recover the input using generative models. Ghosh et al [57] designed a generative model that finds a latent random variable such that the input and its label become conditionally independent given the latent variable. The latent space is chosen as a mixture of Gaussians, such that each mixture component represents one of the classes in the data.…”

Section: Detection Of Adversarial Examplesmentioning

confidence: 99%

See 1 more Smart Citation

Adversarial Examples on Object Recognition

2020

View full text Add to dashboard Cite

Deep neural networks are at the forefront of machine learning research. However, despite achieving impressive performance on complex tasks, they can be very sensitive: small perturbations of inputs can be sufficient to induce incorrect behavior. Such perturbations, called adversarial examples, are intentionally designed to test the network's sensitivity to distribution drifts. Given their surprisingly small size, a wide body of literature conjectures on their existence and how this phenomenon can be mitigated. In this paper we discuss the impact of adversarial examples on security, safety and robustness of neural networks. We start by introducing the hypotheses behind their existence, the methods used to construct or protect against them and the capacity to transfer adversarial examples between different machine learning models. Altogether, the goal is to provide a comprehensive and self-contained survey of this growing field of research.

show abstract

Resisting Adversarial Attacks Using Gaussian Mixture Variational Autoencoders

Cited by 57 publications

References 0 publications

Squeeze And Reconstruct: Improved Practical Adversarial Defense Using Paired Image Compression And Reconstruction

Squeeze And Reconstruct: Improved Practical Adversarial Defense Using Paired Image Compression And Reconstruction

LDC-VAE: A Latent Distribution Consistency Approach to Variational AutoEncoders

Adversarial Examples on Object Recognition

Contact Info

Product

Resources

About