Abstract
Despite their tremendous success in modelling high-dimensional data manifolds, deep neural networks suffer from the threat of adversarial attacks: the existence of perceptually valid input-like samples, obtained through careful perturbation, that lead to degradation in the performance of the underlying model. Major concerns with existing defense mechanisms include non-generalizability across different attacks and models, and large inference time. In this paper, we propose a generalized defense mechanism capitalizing on the expressive power of regularized latent space based generative models. We design an adversarial filter, devoid of access to the classifier and adversaries, which makes it usable in tandem with any classifier. The basic idea is to learn a Lipschitz constrained mapping from the data manifold, incorporating adversarial perturbations, to a quantized latent space and re-map it to the true data manifold. Specifically, we simultaneously auto-encode the data manifold and its perturbations implicitly through the perturbations of the regularized and quantized generative latent space, realized using variational inference. We demonstrate the efficacy of the proposed formulation in providing resilience against multiple attack types (black and white box) and methods, while being almost real-time. Our experiments show that the proposed method surpasses the state-of-the-art techniques in several cases. The implementation code is available at https://github.com/mayank31398/lqvae.