Skip to content

AKuzina/defend_vae_mcmc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits

attack

attack

 
 

datasets

datasets

 
 

pics

pics

 
 

runs

runs

 
 

thirdparty/pytorch_msssim

thirdparty/pytorch_msssim

 
 

utils

utils

 
 

vae

vae

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

conda_requirements.yaml

conda_requirements.yaml

 
 

config.py

config.py

 
 

run_attack.py

run_attack.py

 
 

run_experiment.py

run_experiment.py

 
 

Repository files navigation

Alleviating Adversarial Attacks on Variational Autoencoders with MCMC

This repository contains the code for the experiments from the paper:

Alleviating Adversarial Attacks on Variational Autoencoders with MCMC

Anna Kuzina, Max Welling, Jakub M. Tomczak

Abstract

Variational autoencoders (VAEs) are latent variable models that can generate complex objects and provide meaningful latent representations. Moreover, they could be further used in downstream tasks such as classification. As previous work has shown, one can easily fool VAEs to produce unexpected latent representations and reconstructions for a visually slightly modified input. Here, we examine several objective functions for adversarial attack construction proposed previously and present a solution to alleviate the effect of these attacks. Our method utilizes the Markov Chain Monte Carlo (MCMC) technique in the inference step that we motivate with a theoretical analysis. Thus, we do not incorporate any extra costs during training, and the performance on non-attacked inputs is not decreased. We validate our approach on a variety of datasets (MNIST, Fashion MNIST, Color MNIST, CelebA) and VAE configurations ($\beta$-VAE, NVAE, $\beta$-TCVAE), and show that our approach consistently improves the model robustness to adversarial attacks.

Experiments

Environment Setup

We list the required packages in conda_requirements.yaml:

conda env create -f conda_requirements.yaml

Weights and Biases Setup

We use w&b to track experiments, save and load trained models, thus it is required to run the code. Variables USER, PROJECT and API_KEY in the utils/wandb.py script should be specified before running the experiments.

Train VAE

Full list of hyperpaamters and their descriptions can be found in config.py

The folder runs contains bash-scripts, which can be used to run all the experiments. E.g. to train $\beta$-VAE on mnist dataset one can used this command:

bash runs/MNIST/train_vae.sh

The command below can be used to train $\beta$-TCVAE:

bash runs/MNIST/train_tc_vae.sh

Attack VAE

To run adversarial attacks on VAE without defence:

bash runs/MNIST/attack.sh

And with the defence:

bash runs/MNIST/attack_and_defend.sh

Cite

If you found this work useful in your research, please consider citing:

@article{kuzina2022alleviating,
  title={Alleviating Adversarial Attacks on Variational Autoencoders with MCMC},
  author={Kuzina, Anna and Welling, Max and Tomczak, Jakub M},
  journal={36th Conference on Neural Information Processing Systems (NeurIPS 2022)},
  year={2022}
}

Acknowledgements

This research was (partially) funded by the Hybrid Intelligence Center, a 10-year programme funded by the Dutch Ministry of Education, Culture and Science through the Netherlands Organisation for Scientific Research, https://hybrid-intelligence-centre.nl.

This work was carried out on the Dutch national infrastructure with the support of SURF Cooperative.

About

Code repository of the paper "Alleviating Adversarial Attacks on Variational Autoencoders with MCMC" published at NeurIPS 2022. https://arxiv.org/abs/2203.09940

Topics

machine-learning deep-learning generative-model vae mcmc adversarial-attacks

Resources

Readme
Activity

Stars

10 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages