• Corpus ID: 232185314

# Diagnosing Vulnerability of Variational Auto-Encoders to Adversarial Attacks

@article{Kuzina2021DiagnosingVO,
title={Diagnosing Vulnerability of Variational Auto-Encoders to Adversarial Attacks},
author={Anna Kuzina and Max Welling and Jakub M. Tomczak},
journal={ArXiv},
year={2021},
volume={abs/2103.06701}
}
• Published 10 March 2021
• Computer Science
• ArXiv
In this work, we explore adversarial attacks on the Variational Autoencoders (VAE). We show how to modify a data point to obtain a prescribed latent code (supervised attack) or just get a drastically different code (unsupervised attack). We examine the influence of model modifications (β-VAE, NVAE) on the robustness of VAEs and suggest metrics to quantify it.
7 Citations

• Computer Science
ArXiv
• 2021
Evaluation under a diverse range of white-box l∞ attacks suggests that information bottlenecks alone are not a strong defense strategy, and that previous results were likely influenced by gradient obfuscation.
• Computer Science
ArXiv
• 2022
This work examines several objective functions for adversarial attack construction, suggests metrics to assess model robustness, and proposes a solution to alleviate the effect of an attack, which utilizes the Markov Chain Monte Carlo technique in the inference step and is motivated by the theoretical analysis.
• Computer Science
• 2022
This work examines several objective functions for adversarial attack construction proposed previously and presents a solution to alleviate the effect of these attacks by utilizing the Markov Chain Monte Carlo technique in the inference step that is motivated with a theoretical analysis.
• Computer Science
• 2022
This work introduces a regularization scheme to incorporate adversarially perturbed data points into the training pipeline without increasing the computational complexity or compromising the generation fidelity when compared to the robust VAEs by leveraging a loss based on the two-point Kolmogorov–Smirnov test between representations.
• Computer Science
ArXiv
• 2022
This paper demonstrates that the sensitivity at any given input exploits the directional bias of a stochastic pullback metric tensor induced by the encoder network, and proposes robustness evaluation scores using the eigenspectrum of a pullback metric.
• Computer Science
• 2022
This paper demonstrates that the sensitivity around a data point is due to a directional bias of a stochastic pullback metric tensor induced by the encoder network, and proposes robustness evaluation scores using the eigenspectrum of a pullback metric.
• Computer Science
• 2020
This article, written for the Robust Machine Learning Curriculum, discusses the so-called Generative Models in Machine Learning. Generative models learn the distribution of data from some sample

## References

• Computer Science
LatinX in AI at Neural Information Processing Systems Conference 2018
• 2018
The resistance to attacks of three variational autoencoders (simple, convolutional, and DRAW) in three datasets is assessed, showing that both DRAW’s recurrence and attention mechanism lead to better resistance.
• Computer Science
ICLR
• 2021
A new hierarchical VAE is introduced, the Seatbelt-VAE, which can produce high-fidelity autoencoders that are also adversarially robust, and this is confirmed on several different datasets and with current state-of-the-art VAE adversarial attacks.
• Computer Science
AISTATS
• 2021
A novel criterion for robustness in probabilistic models: $r$-robustness is developed, and it is shown that VAEs trained using disentangling methods not only score well under the authors' robustness metrics, but that the reasons for this can be interpreted through the theoretical results.
• Computer Science
NeurIPS
• 2018
We decompose the evidence lower bound to show the existence of a term measuring the total correlation between latent variables. We use this to motivate our $\beta$-TCVAE (Total Correlation
• Computer Science
NeurIPS
• 2020
NVAE is the first successful VAE applied to natural images as large as 256$\times$256 pixels and achieves state-of-the-art results among non-autoregressive likelihood-based models on the MNIST, CIFAR-10, CelebA 64, and CelebA HQ datasets and it provides a strong baseline on FFHQ.
• Computer Science
ICLR
• 2017
Learning an interpretable factorised representation of the independent data generative factors of the world without supervision is an important precursor for the development of artificial
• Computer Science
ICLR
• 2018
It is demonstrated that this model leads to state-of-the-art image compression when measuring visual quality using the popular MS-SSIM index, and yields rate-distortion performance surpassing published ANN-based methods when evaluated using a more traditional metric based on squared error (PSNR).
• Computer Science
ICLR
• 2016
The importance weighted autoencoder (IWAE), a generative model with the same architecture as the VAE, but which uses a strictly tighter log-likelihood lower bound derived from importance weighting, shows empirically that IWAEs learn richer latent space representations than VAEs, leading to improved test log-likelihood on density estimation benchmarks.
This work presents a hierarchical VAE that, for the first time, outperforms the PixelCNN in log-likelihood on all natural image benchmarks, visualizes the generative process, and shows that the VAEs learn efficient hierarchical visual representations.
• Computer Science
NeurIPS
• 2019
This paper introduces the Bidirectional-Inference Variational Autoencoder (BIVA), characterized by a skip-connected generative model and an inference network formed by a bidirectional stochastic inference path, and shows that BIVA reaches state-of-the-art test likelihoods, generates sharp and coherent natural images, and uses the hierarchy of latent variables to capture different aspects of the data distribution.