Repository of the paper "Exploring the Connection between Robust and Generative Models"(https://arxiv.org/abs/2304.04033)
We offer a study that connects robust discriminative classifiers trained with adversarial training (AT) with generative modeling in the form of Energy-based Models (EBM). We do so by decomposing the loss of a discriminative classifier and showing that the discriminative model is also aware of the input data density. Though a common assumption is that adversarial points leave the manifold of the input data, our study finds out that, surprisingly, untargeted adversarial points in the input space are very likely under the generative model hidden inside the discriminative classifier---have low energy in the EBM. We present two evidence: untargeted attacks are even more likely than the natural data and their likelihood increases as the attack strength increases. This allows us to easily detect them and craft a novel attack called High-Energy PGD that fools the classifier yet has energy similar to the data set.
You can replicate the results on the notebooks jupyter.
Requirements are described in the requirements file.
The detector and the HE-PGD algorithm can be used to defend and attack neural networks. For more details, please refer to the paper
If you find the paper interesting and you'll use in your research, we appreciate if you cite the paper :)
@inproceedings{beadini2023exploring,
title={Exploring the Connection between Robust and Generative Models},
author={Beadini, Senad and Masi, Iacopo},
booktitle={Ital-{I}{A}, {W}orkshop on AI for Cybersecurity},
year={2023}
}
Distributed under the MIT License. See LICENSE for more information.