Adversarial Out-domain Examples for Generative Models
This work exposes a security vulnerability in generative models, showing they are susceptible to adversarial attacks similar to discriminative models, which is incremental but important for developers and researchers.
The authors demonstrated that pre-trained generative models can be forced to reproduce arbitrary data instances by feeding them adversarial inputs, which are statistically indistinguishable from genuine inputs, as validated across various GAN architectures and setups.
Deep generative models are rapidly becoming a common tool for researchers and developers. However, as exhaustively shown for the family of discriminative models, the test-time inference of deep neural networks cannot be fully controlled and erroneous behaviors can be induced by an attacker. In the present work, we show how a malicious user can force a pre-trained generator to reproduce arbitrary data instances by feeding it suitable adversarial inputs. Moreover, we show that these adversarial latent vectors can be shaped so as to be statistically indistinguishable from the set of genuine inputs. The proposed attack technique is evaluated with respect to various GAN images generators using different architectures, training processes and for both conditional and not-conditional setups.