Adversarial Purification with the Manifold Hypothesis

Authors

  • Zhaoyuan Yang, GE Research
  • Zhiwei Xu, Australian National University
  • Jing Zhang, Australian National University
  • Richard Hartley, Australian National University
  • Peter Tu, GE Research

DOI:

https://doi.org/10.1609/aaai.v38i15.29574

Keywords:

ML: Adversarial Learning & Robustness, ML: Deep Generative Models & Autoencoders

Abstract

In this work, we formulate a novel framework for adversarial robustness using the manifold hypothesis. This framework provides sufficient conditions for defending against adversarial examples. We develop an adversarial purification method with this framework. Our method combines manifold learning with variational inference to provide adversarial robustness without the need for expensive adversarial training. Experimentally, our approach can provide adversarial robustness even if attackers are aware of the existence of the defense. In addition, our method can also serve as a test-time defense mechanism for variational autoencoders.

Published

2024-03-24

How to Cite

Yang, Z., Xu, Z., Zhang, J., Hartley, R., & Tu, P. (2024). Adversarial Purification with the Manifold Hypothesis. Proceedings of the AAAI Conference on Artificial Intelligence, 38(15), 16379-16387. https://doi.org/10.1609/aaai.v38i15.29574

Section

AAAI Technical Track on Machine Learning VI