(2017) The robust manifold defense:Adversarial training using generative models

Keyword [Deep Image Prior]

Ilyas A, Jalal A, Asteri E, et al. The robust manifold defense: Adversarial training using generative models[J]. arXiv preprint arXiv:1712.09196, 2017.

1. Overview

1.1. Motivation

  • the natural image manifold is low-dimensional but the noisy is very high dimensional

In this paper, it proposed a pre-processing step that projects on the range of a generative model using gradient descent (Invert and Classify, INC)

  • robust against first-order, substitute model and combined adversarial attacks
  • show that adversarial training on the generative manifold can make the classifier robust to these attacks
  • INC + deep image prior

1.2. Contribution

  • INC. robust against a wide variety of attacks. first-order, substitute models and enhanced attacks combining the two
  • formulating min-max optimization problem
  • DIP-INC. without pretrained

2. Methods

2.1. INC

2.2. DIP-INC

  • The number of steps was empirically tuned in our experiments and depends on the power of the adversary

3. Experiments


3.2. INC-CelebA

3.3. DIP-INC ImageNet