• Corpus ID: 29170403

Featurized Bidirectional GAN: Adversarial Defense via Adversarially Learned Semantic Inference

  title={Featurized Bidirectional GAN: Adversarial Defense via Adversarially Learned Semantic Inference},
  author={Ruying Bao and Sihang Liang and Qingcan Wang},
Deep neural networks have been demonstrated to be vulnerable to adversarial attacks, where small perturbations intentionally added to the original inputs can fool the classifier. In this paper, we propose a defense method, Featurized Bidirectional Generative Adversarial Networks (FBGAN), to extract the semantic features of the input and filter the non-semantic perturbation. FBGAN is pre-trained on the clean dataset in an unsupervised manner, adversarially learning a bidirectional mapping… 

Figures and Tables from this paper

Defending Adversarial Attacks via Semantic Feature Manipulation

This paper proposes a one-off and attack-agnostic Feature Manipulation (FM)-Defense to detect and purify adversarial examples in an interpretable and efficient manner and empirically demonstrates the effectiveness of detection and the quality of purified instance.

Adversarial Detection by Latent Style Transformations

This paper explores an effective detection-based defense against adversarial attacks on images by extending the investigation beyond a single-instance perspective to incorporate its transformations as well, and leverages a controllable generative mechanism to conduct the non-essential style transformations for a given image via modification along the style axis in the latent space.

Generative Adversarial Networks: A Literature Review

Traditional generation models and typical Generative Adversarial Networks models are reviewed, the application of their models in natural language processing and computer vision is analyzed, and the contributions in information security, cyber security and artificial intelligence security are reviewed.

Privacy and Security Issues in Deep Learning: A Survey

This paper briefly introduces the four types of attacks and privacy-preserving techniques in DL, and summarizes the attack and defense methods associated with DL privacy and security in recent years.

Adversarial Examples - A Complete Characterisation of the Phenomenon

This document can be used as survey, tutorial or as a catalog of attacks and defences using adversarial examples, which covers all the important concerns in this field of study.

Generative Models for Security: Attacks, Defenses, and Opportunities

The use of generative models in adversarial machine learning, in helping automate or enhance existing attacks, and as building blocks for defenses in contexts such as intrusion detection, biometrics spoofing, and malware obfuscation are discussed.

Motivating the Rules of the Game for Adversarial Example Research

It is argued that adversarial example defense papers have, to date, mostly considered abstract, toy games that do not relate to any specific security concern, and a taxonomy of motivations, constraints, and abilities for more plausible adversaries is established.

Genetic Algorithm Based Bi-directional Generative Adversary Network for LIBOR Prediction

This paper is to introduce genetic algorithm based bi-directional generative adversary network (“BiGAN”) to predict the LIBOR in USD and both the pro and cons of the algorithm will be discussed.



Defense-GAN: Protecting Classifiers Against Adversarial Attacks Using Generative Models

The proposed Defense-GAN, a new framework leveraging the expressive capability of generative models to defend deep neural networks against adversarial perturbations, is empirically shown to be consistently effective against different attack methods and improves on existing defense strategies.

Adversarial Feature Learning

Bidirectional Generative Adversarial Networks are proposed as a means of learning the inverse mapping of GANs, and it is demonstrated that the resulting learned feature representation is useful for auxiliary supervised discrimination tasks, competitive with contemporary approaches to unsupervised and self-supervised feature learning.

The Robust Manifold Defense: Adversarial Training using Generative Models

We propose a new type of attack for finding adversarial examples for image classifiers. Our method exploits spanners, i.e. deep neural networks whose input space is low-dimensional and whose output

Adversarially Learned Inference

The adversarially learned inference (ALI) model is introduced, which jointly learns a generation network and an inference network using an adversarial process and the usefulness of the learned representations is confirmed by obtaining a performance competitive with state-of-the-art on the semi-supervised SVHN and CIFAR10 tasks.

Defense Against Adversarial Attacks Using High-Level Representation Guided Denoiser

High-level representation guided denoiser (HGD) is proposed as a defense for image classification by using a loss function defined as the difference between the target model's outputs activated by the clean image and denoised image.

Semi-supervised Learning with GANs: Manifold Invariance with Improved Inference

This work proposes enhancements over existing methods for learning the inverse mapping (i.e., the encoder) which greatly improves in terms of semantic similarity of the reconstructed sample with the input sample as well as providing insights into how fake examples influence the semi-supervised learning procedure.

MagNet: A Two-Pronged Defense against Adversarial Examples

MagNet, a framework for defending neural network classifiers against adversarial examples, is proposed and it is shown empirically that MagNet is effective against the most advanced state-of-the-art attacks in blackbox and graybox scenarios without sacrificing false positive rate on normal examples.

Explaining and Harnessing Adversarial Examples

It is argued that the primary cause of neural networks' vulnerability to adversarial perturbation is their linear nature, supported by new quantitative results while giving the first explanation of the most intriguing fact about them: their generalization across architectures and training sets.

Towards Deep Learning Models Resistant to Adversarial Attacks

This work studies the adversarial robustness of neural networks through the lens of robust optimization, and suggests the notion of security against a first-order adversary as a natural and broad security guarantee.

Ensemble Adversarial Training: Attacks and Defenses

This work finds that adversarial training remains vulnerable to black-box attacks, where perturbations computed on undefended models are transferred to a powerful novel single-step attack that escapes the non-smooth vicinity of the input data via a small random step.