This repository contains the code for the experiments from the paper:
Alleviating Adversarial Attacks on Variational Autoencoders with MCMC
Anna Kuzina, Max Welling, Jakub M. Tomczak
Variational autoencoders (VAEs) are latent variable models that can generate complex objects and provide meaningful latent representations. Moreover, they can be further used in downstream tasks such as classification. As previous work has shown, one can easily fool VAEs into producing unexpected latent representations and reconstructions for a visually slightly modified input. Here, we examine several objective functions for adversarial attack construction proposed previously and present a solution to alleviate the effect of these attacks. Our method utilizes the Markov Chain Monte Carlo (MCMC) technique in the inference step, which we motivate with a theoretical analysis. Thus, we do not incur any extra costs during training, and the performance on non-attacked inputs is not decreased. We validate our approach on a variety of datasets (MNIST, Fashion MNIST, Color MNIST, CelebA) and VAE configurations.
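As a rough illustration of the idea only (this is *not* the repository's implementation: the function names, the unadjusted Langevin sampler, and the toy Gaussian model below are all invented for this sketch), the defence can be thought of as refining the encoder's latent code at inference time with a few MCMC steps that move `z` towards higher joint density `log p(x, z)`:

```python
import numpy as np

def langevin_refine(z0, grad_log_joint, n_steps=10, step_size=1e-2, rng=None):
    """Refine an initial latent code z0 with unadjusted Langevin dynamics.

    grad_log_joint(z) must return the gradient of log p(x, z) w.r.t. z
    (with x held fixed). This is a toy sketch of MCMC-based refinement,
    not the paper's exact sampler.
    """
    rng = np.random.default_rng() if rng is None else rng
    z = z0.copy()
    for _ in range(n_steps):
        noise = rng.standard_normal(z.shape)
        z = z + step_size * grad_log_joint(z) + np.sqrt(2 * step_size) * noise
    return z

# Toy model: standard Gaussian prior p(z) and a Gaussian "decoder"
# p(x | z) = N(x; z, I), so log p(x, z) = -||x - z||^2/2 - ||z||^2/2 + const.
x = np.array([2.0, -1.0])
grad = lambda z: (x - z) - z          # gradient of log p(x, z) w.r.t. z
z_adv = np.zeros(2)                   # e.g. a latent code hit by an attack
z_ref = langevin_refine(z_adv, grad, n_steps=200, step_size=1e-2,
                        rng=np.random.default_rng(0))
# z_ref is (approximately) a posterior sample, concentrating near x / 2.
```

Since the refinement happens only at inference time, it adds no training cost, which matches the claim in the abstract above.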
We list the required packages in `conda_requirements.yaml`:

```shell
conda env create -f conda_requirements.yaml
```
We use W&B (Weights & Biases) to track experiments and to save and load trained models, so it is required to run the code. The variables `USER`, `PROJECT`, and `API_KEY` in the `utils/wandb.py` script should be specified before running the experiments.
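The exact layout of `utils/wandb.py` may differ; a hypothetical sketch of the variables to fill in (all values here are placeholders):

```python
# utils/wandb.py (hypothetical sketch -- check the actual file for the
# exact variable names and layout)
USER = "your-wandb-username"     # W&B entity (account or team name)
PROJECT = "your-project-name"    # W&B project to log runs under
API_KEY = "your-wandb-api-key"   # personal API key from your W&B account
```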
The full list of hyperparameters and their descriptions can be found in `config.py`.
The folder `runs` contains bash scripts that can be used to run all the experiments.
E.g., to train a VAE on MNIST:

```shell
bash runs/MNIST/train_vae.sh
```
The command below can be used to train a TC-VAE:

```shell
bash runs/MNIST/train_tc_vae.sh
```
To run adversarial attacks on a VAE without the defence:

```shell
bash runs/MNIST/attack.sh
```
And with the defence:

```shell
bash runs/MNIST/attack_and_defend.sh
```
If you find this work useful in your research, please consider citing:

```bibtex
@inproceedings{kuzina2022alleviating,
  title     = {Alleviating Adversarial Attacks on Variational Autoencoders with MCMC},
  author    = {Kuzina, Anna and Welling, Max and Tomczak, Jakub M},
  booktitle = {36th Conference on Neural Information Processing Systems (NeurIPS 2022)},
  year      = {2022}
}
```
This research was (partially) funded by the Hybrid Intelligence Center, a 10-year programme funded by the Dutch Ministry of Education, Culture and Science through the Netherlands Organisation for Scientific Research, https://hybrid-intelligence-centre.nl.
This work was carried out on the Dutch national infrastructure with the support of SURF Cooperative.