Diagnosing Vulnerability of Variational Auto-Encoders to Adversarial Attacks
Anna Kuzina, Max Welling, Jakub M. Tomczak

TL;DR
This paper investigates the vulnerability of Variational Autoencoders to adversarial attacks, demonstrating methods to manipulate latent codes and assessing how model modifications affect robustness.
Contribution
It introduces attack techniques on VAEs and proposes metrics to evaluate their robustness, highlighting the impact of different model variants.
Findings
Adversarial attacks can successfully manipulate VAE latent codes.
Model modifications like $\beta$-VAE and NVAE influence robustness.
Metrics are proposed to quantify VAE vulnerability.
Abstract
In this work, we explore adversarial attacks on the Variational Autoencoders (VAE). We show how to modify a data point to obtain a prescribed latent code (supervised attack) or just get a drastically different code (unsupervised attack). We examine the influence of model modifications ($\beta$-VAE, NVAE) on the robustness of VAEs and suggest metrics to quantify it.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Generative Adversarial Networks and Image Synthesis · Digital Media Forensic Detection
