MAD-VAE: Manifold Awareness Defense Variational Autoencoder
This work addresses adversarial defense for image classification, but it appears incremental as it builds upon existing Defense-VAE methods.
The paper tackles the problem of adversarial attacks on image classification neural networks by improving the robustness of Defense-VAE models, demonstrating effectiveness against various attacks on the MNIST dataset.
Although deep generative models such as Defense-GAN and Defense-VAE have made significant progress in terms of adversarial defenses of image classification neural networks, several methods have been found to circumvent these defenses. Based on Defense-VAE, in our research we introduce several methods to improve the robustness of defense models. The methods introduced in this paper are straight forward yet show promise over the vanilla Defense-VAE. With extensive experiments on MNIST data set, we have demonstrated the effectiveness of our algorithms against different attacks. Our experiments also include attacks on the latent space of the defensive model. We also discuss the applicability of existing adversarial latent space attacks as they may have a significant flaw.