Adversarial Purification with the Manifold Hypothesis
This work addresses the problem of adversarial examples in machine learning, offering a potentially more efficient defense mechanism for practitioners, though it appears incremental as it builds on existing manifold and variational inference concepts.
The authors tackled adversarial robustness by proposing a novel framework based on the manifold hypothesis, which led to an adversarial purification method that provides defense without adversarial training, achieving robustness even against adaptive attackers.
In this work, we formulate a novel framework for adversarial robustness using the manifold hypothesis. This framework provides sufficient conditions for defending against adversarial examples. We develop an adversarial purification method with this framework. Our method combines manifold learning with variational inference to provide adversarial robustness without the need for expensive adversarial training. Experimentally, our approach can provide adversarial robustness even if attackers are aware of the existence of the defense. In addition, our method can also serve as a test-time defense mechanism for variational autoencoders.