Improving VAEs' Robustness to Adversarial Attack

TL;DR

This paper introduces a new approach to enhance the adversarial robustness of variational autoencoders by combining disentangling methods with hierarchical structures, achieving high-quality and robust reconstructions.

Contribution

The authors develop a hierarchical VAE framework that maintains high reconstruction quality while significantly improving adversarial robustness, addressing a key vulnerability in VAEs.

Findings

Disentangled VAEs are more robust but have lower reconstruction quality.

Hierarchical VAEs with disentangling achieve both high fidelity and robustness.

The proposed models outperform existing methods against state-of-the-art adversarial attacks.

Abstract

Variational autoencoders (VAEs) have recently been shown to be vulnerable to adversarial attacks, wherein they are fooled into reconstructing a chosen target image. However, how to defend against such attacks remains an open problem. We make significant advances in addressing this issue by introducing methods for producing adversarially robust VAEs. Namely, we first demonstrate that methods proposed to obtain disentangled latent representations produce VAEs that are more robust to these attacks. However, this robustness comes at the cost of reducing the quality of the reconstructions. We ameliorate this by applying disentangling methods to hierarchical VAEs. The resulting models produce high-fidelity autoencoders that are also adversarially robust. We confirm their capabilities on several different datasets and with current state-of-the-art VAE adversarial attacks, and also show that they increase the robustness of downstream tasks to attack.