Adversarial Robustness of VAEs across Intersectional Subgroups

TL;DR

This paper investigates the adversarial robustness of Variational Autoencoders across different demographic subgroups, revealing disparities in vulnerability that are influenced by factors like data scarcity and representation entanglement.

Contribution

It provides a comprehensive evaluation of VAE robustness across intersectional subgroups and identifies key factors affecting their resilience to adversarial attacks.

Findings

Robustness disparities exist among subgroups.

Older women are more vulnerable to adversarial attacks.

Disparities are not solely due to subgroup size.

Abstract

Despite advancements in Autoencoders (AEs) for tasks like dimensionality reduction, representation learning and data generation, they remain vulnerable to adversarial attacks. Variational Autoencoders (VAEs), with their probabilistic approach to disentangling latent spaces, show stronger resistance to such perturbations compared to deterministic AEs; however, their resilience against adversarial inputs is still a concern. This study evaluates the robustness of VAEs against non-targeted adversarial attacks by optimizing minimal sample-specific perturbations to cause maximal damage across diverse demographic subgroups (combinations of age and gender). We investigate two questions: whether there are robustness disparities among subgroups, and what factors contribute to these disparities, such as data scarcity and representation entanglement. Our findings reveal that robustness disparities exist but are not always correlated with the size of the subgroup. By using downstream gender and age classifiers and examining latent embeddings, we highlight the vulnerability of subgroups like older women, who are prone to misclassification due to adversarial perturbations pushing their representations toward those of other subgroups.