Support is All You Need for Certified VAE Training
This addresses the need for reliable VAE deployment in safety-critical domains like wireless and vision applications, representing a novel approach rather than an incremental improvement.
The paper tackles the problem of providing certified probabilistic guarantees for Variational Autoencoders (VAEs) in safety-critical applications under adversarial attacks, proposing a method called CIVET that outperforms state-of-the-art methods across datasets, architectures, and perturbation magnitudes while maintaining good standard performance with strong robustness guarantees.
Variational Autoencoders (VAEs) have become increasingly popular and deployed in safety-critical applications. In such applications, we want to give certified probabilistic guarantees on performance under adversarial attacks. We propose a novel method, CIVET, for certified training of VAEs. CIVET depends on the key insight that we can bound worst-case VAE error by bounding the error on carefully chosen support sets at the latent layer. We show this point mathematically and present a novel training algorithm utilizing this insight. We show in an extensive evaluation across different datasets (in both the wireless and vision application areas), architectures, and perturbation magnitudes that our method outperforms SOTA methods achieving good standard performance with strong robustness guarantees.