Current browse context:
cs.CR
Change to browse by:
References & Citations
Computer Science > Computer Vision and Pattern Recognition
Title: The Robust Manifold Defense: Adversarial Training using Generative Models
(Submitted on 26 Dec 2017 (v1), last revised 10 Jul 2019 (this version, v5))
Abstract: We propose a new type of attack for finding adversarial examples for image classifiers. Our method exploits spanners, i.e. deep neural networks whose input space is low-dimensional and whose output range approximates the set of images of interest. Spanners may be generators of GANs or decoders of VAEs. The key idea in our attack is to search over latent code pairs to find ones that generate nearby images with different classifier outputs. We argue that our attack is stronger than searching over perturbations of real images. Moreover, we show that our stronger attack can be used to reduce the accuracy of Defense-GAN to 3\%, resolving an open problem from the well-known paper by Athalye et al. We combine our attack with normal adversarial training to obtain the most robust known MNIST classifier, significantly improving the state of the art against PGD attacks. Our formulation involves solving a min-max problem, where the min player sets the parameters of the classifier and the max player is running our attack, and is thus searching for adversarial examples in the {\em low-dimensional} input space of the spanner.
All code and models are available at \url{this https URL}
Submission history
From: Ajil Jalal [view email][v1] Tue, 26 Dec 2017 07:28:14 GMT (2938kb,D)
[v2] Fri, 31 May 2019 14:42:03 GMT (1355kb,D)
[v3] Tue, 4 Jun 2019 13:23:51 GMT (1355kb,D)
[v4] Thu, 4 Jul 2019 15:26:38 GMT (1356kb,D)
[v5] Wed, 10 Jul 2019 03:51:45 GMT (1357kb,D)
Link back to: arXiv, form interface, contact.