Adversarial Purification with the Manifold Hypothesis

Zhaoyuan Yang, Zhiwei Xu, Jing Zhang, Richard I. Hartley, Peter H. Tu

AAAI 2024 pp. 16379-16387

doi:10.1609/AAAI.V38I15.29574 /aaai/2024/yang2024aaai-adversarial/

Abstract

In this work, we formulate a novel framework for adversarial robustness using the manifold hypothesis. This framework provides sufficient conditions for defending against adversarial examples. We develop an adversarial purification method with this framework. Our method combines manifold learning with variational inference to provide adversarial robustness without the need for expensive adversarial training. Experimentally, our approach can provide adversarial robustness even if attackers are aware of the existence of the defense. In addition, our method can also serve as a test-time defense mechanism for variational autoencoders.

PDF AAAI Semantic Scholar

Cite

Text

Yang et al. "Adversarial Purification with the Manifold Hypothesis." AAAI Conference on Artificial Intelligence, 2024. doi:10.1609/AAAI.V38I15.29574

Markdown

[Yang et al. "Adversarial Purification with the Manifold Hypothesis." AAAI Conference on Artificial Intelligence, 2024.](https://mlanthology.org/aaai/2024/yang2024aaai-adversarial/) doi:10.1609/AAAI.V38I15.29574

BibTeX

@inproceedings{yang2024aaai-adversarial,
  title     = {{Adversarial Purification with the Manifold Hypothesis}},
  author    = {Yang, Zhaoyuan and Xu, Zhiwei and Zhang, Jing and Hartley, Richard I. and Tu, Peter H.},
  booktitle = {AAAI Conference on Artificial Intelligence},
  year      = {2024},
  pages     = {16379-16387},
  doi       = {10.1609/AAAI.V38I15.29574},
  url       = {https://mlanthology.org/aaai/2024/yang2024aaai-adversarial/}
}