$\beta$-Variational Classifiers Under Attack
Marco Maggipinto, Matteo Terzi, Gian Antonio Susto

TL;DR
This paper analyzes the robustness and detection capabilities of $\beta$-Variational Classifiers, which combine classification with generative modeling, in the context of adversarial attacks on neural networks.
Contribution
It provides a novel analysis of $\beta$-Variational Classifiers' robustness, detection abilities, and insights into their generative components under adversarial conditions.
Findings
$\beta$-Variational Classifiers show specific robustness properties.
They can be used to detect adversarial perturbations.
The generative component offers new insights into model behavior.
Abstract
Deep Neural Networks have gained lots of attention in recent years thanks to the breakthroughs obtained in the field of Computer Vision. However, despite their popularity, it has been shown that they provide limited robustness in their predictions. In particular, it is possible to synthesise small adversarial perturbations that imperceptibly modify a correctly classified input, making the network confidently misclassify it. This has led to a plethora of different methods to try to improve robustness or detect the presence of these perturbations. In this paper, we perform an analysis of $\beta$-Variational Classifiers, a particular class of methods that not only solve a specific classification task, but also provide a generative component that is able to generate new samples from the input distribution. In more detail, we study their robustness and detection capabilities, together…
Taxonomy
Topics: Anomaly Detection Techniques and Applications · Artificial Immune Systems Applications
