Learning from Attacks: Attacking Variational Autoencoder for Improving Image Classification
This work addresses robustness and performance in image classification for machine learning practitioners, offering a novel approach that leverages adversarial examples, though it appears incremental in combining existing techniques.
The paper tackles the problem of improving image classification by using adversarial attacks as a source of implicit information, proposing a framework that jointly learns to attack Variational Autoencoders and classify images, achieving higher accuracy on standard datasets compared to training with clean examples and traditional adversarial training.
Adversarial attacks are often considered as threats to the robustness of Deep Neural Networks (DNNs). Various defending techniques have been developed to mitigate the potential negative impact of adversarial attacks against task predictions. This work analyzes adversarial attacks from a different perspective. Namely, adversarial examples contain implicit information that is useful to the predictions i.e., image classification, and treat the adversarial attacks against DNNs for data self-expression as extracted abstract representations that are capable of facilitating specific learning tasks. We propose an algorithmic framework that leverages the advantages of the DNNs for data self-expression and task-specific predictions, to improve image classification. The framework jointly learns a DNN for attacking Variational Autoencoder (VAE) networks and a DNN for classification, coined as Attacking VAE for Improve Classification (AVIC). The experiment results show that AVIC can achieve higher accuracy on standard datasets compared to the training with clean examples and the traditional adversarial training.