0%

(2017) The robust manifold defense:Adversarial training using generative models

Posted on In ,

Keyword [Deep Image Prior]

Ilyas A, Jalal A, Asteri E, et al. The robust manifold defense: Adversarial training using generative models[J]. arXiv preprint arXiv:1712.09196, 2017.


1. Overview

1.1. Motivation

  • the natural image manifold is low-dimensional but the noisy is very high dimensional

In this paper, it proposed a pre-processing step that projects on the range of a generative model using gradient descent (Invert and Classify, INC)

  • robust against first-order, substitute model and combined adversarial attacks
  • show that adversarial training on the generative manifold can make the classifier robust to these attacks
  • INC + deep image prior

1.2. Contribution

  • INC. robust against a wide variety of attacks. first-order, substitute models and enhanced attacks combining the two
  • formulating min-max optimization problem
  • DIP-INC. without pretrained


2. Methods

2.1. INC





2.2. DIP-INC

  • The number of steps was empirically tuned in our experiments and depends on the power of the adversary




3. Experiments

3.1. INC-MNIST



3.2. INC-CelebA



3.3. DIP-INC ImageNet