Are Generative Classifiers More Robust to Adversarial Attacks?

Yingzhen Li, John Bradshaw, Yash Sharma
Proceedings of the 36th International Conference on Machine Learning, PMLR 97:3804-3814, 2019.

Abstract

There is a rising interest in studying the robustness of deep neural network classifiers against adversaries, with both advanced attack and defence techniques being actively developed. However, most recent work focuses on discriminative classifiers, which only model the conditional distribution of the labels given the inputs. In this paper, we propose and investigate the deep Bayes classifier, which improves classical naive Bayes with conditional deep generative models. We further develop detection methods for adversarial examples, which reject inputs with low likelihood under the generative model. Experimental results suggest that deep Bayes classifiers are more robust than deep discriminative classifiers, and that the proposed detection methods are effective against many recently proposed attacks.

Cite this Paper


BibTeX
@InProceedings{pmlr-v97-li19a,
  title = {Are Generative Classifiers More Robust to Adversarial Attacks?},
  author = {Li, Yingzhen and Bradshaw, John and Sharma, Yash},
  booktitle = {Proceedings of the 36th International Conference on Machine Learning},
  pages = {3804--3814},
  year = {2019},
  editor = {Chaudhuri, Kamalika and Salakhutdinov, Ruslan},
  volume = {97},
  series = {Proceedings of Machine Learning Research},
  month = {09--15 Jun},
  publisher = {PMLR},
  pdf = {http://proceedings.mlr.press/v97/li19a/li19a.pdf},
  url = {https://proceedings.mlr.press/v97/li19a.html},
  abstract = {There is a rising interest in studying the robustness of deep neural network classifiers against adversaries, with both advanced attack and defence techniques being actively developed. However, most recent work focuses on discriminative classifiers, which only model the conditional distribution of the labels given the inputs. In this paper, we propose and investigate the deep Bayes classifier, which improves classical naive Bayes with conditional deep generative models. We further develop detection methods for adversarial examples, which reject inputs with low likelihood under the generative model. Experimental results suggest that deep Bayes classifiers are more robust than deep discriminative classifiers, and that the proposed detection methods are effective against many recently proposed attacks.}
}
Endnote
%0 Conference Paper
%T Are Generative Classifiers More Robust to Adversarial Attacks?
%A Yingzhen Li
%A John Bradshaw
%A Yash Sharma
%B Proceedings of the 36th International Conference on Machine Learning
%C Proceedings of Machine Learning Research
%D 2019
%E Kamalika Chaudhuri
%E Ruslan Salakhutdinov
%F pmlr-v97-li19a
%I PMLR
%P 3804--3814
%U https://proceedings.mlr.press/v97/li19a.html
%V 97
%X There is a rising interest in studying the robustness of deep neural network classifiers against adversaries, with both advanced attack and defence techniques being actively developed. However, most recent work focuses on discriminative classifiers, which only model the conditional distribution of the labels given the inputs. In this paper, we propose and investigate the deep Bayes classifier, which improves classical naive Bayes with conditional deep generative models. We further develop detection methods for adversarial examples, which reject inputs with low likelihood under the generative model. Experimental results suggest that deep Bayes classifiers are more robust than deep discriminative classifiers, and that the proposed detection methods are effective against many recently proposed attacks.
APA
Li, Y., Bradshaw, J. & Sharma, Y. (2019). Are Generative Classifiers More Robust to Adversarial Attacks? Proceedings of the 36th International Conference on Machine Learning, in Proceedings of Machine Learning Research 97:3804-3814. Available from https://proceedings.mlr.press/v97/li19a.html.
