Safer Classification by Synthesis

TL;DR

This paper proposes a generative modeling approach for classification that enhances safety against out-of-distribution examples and adversarial attacks by learning class-specific generative models and selecting classes based on similarity.

Contribution

It introduces a novel generative classification method that improves robustness and the ability to recognize unknown inputs compared to traditional discriminative models.

Findings

Improves out-of-distribution detection and safety.

Maintains competitive accuracy on standard classification tasks.

Provides resilience against adversarial examples.

Abstract

The discriminative approach to classification using deep neural networks has become the de-facto standard in various fields. Complementing recent reservations about safety against adversarial examples, we show that conventional discriminative methods can easily be fooled to provide incorrect labels with very high confidence to out of distribution examples. We posit that a generative approach is the natural remedy for this problem, and propose a method for classification using generative models. At training time, we learn a generative model for each class, while at test time, given an example to classify, we query each generator for its most similar generation, and select the class corresponding to the most similar one. Our approach is general and can be used with expressive models such as GANs and VAEs. At test time, our method accurately "knows when it does not know," and provides resilience to out of distribution examples while maintaining competitive performance for standard examples.