Evaluating Robustness of Reconstruction Models with Adversarial Networks

Published: 01 Jan 2023, Last Modified: 15 Jul 2025, Venue: INNS DLIA@IJCNN 2023, License: CC BY-SA 4.0
Abstract: With the advent of adversarial robustness as a research area, much novel work attempts to design creative defense mechanisms against the adversarial vulnerabilities that arise. While classification models are the most common target of adversarial robustness research, reconstruction models are often underestimated even though they play essential roles in many applications. This work evaluates reconstruction models with regard to their adversarial robustness. We constructed two frameworks: a standard and a universal-attack framework. The standard framework requires an input to find its perturbation, and the universal-attack framework generates an adversarial perturbation from the distribution of a dataset. Extensive experimental evidence discussed in this paper suggests that both frameworks can effectively alter how images are reconstructed and classified using classic reconstruction models trained on the MNIST and Cropped Yale Face datasets. Further, these frameworks outperform state-of-the-art adversarial attacks. Moreover, we showcase using the proposed framework to retrain a reconstruction model to improve its resilience against adversarial perturbations. Furthermore, when targeting reconstruction models, an attack may aim not to alter the latent space. Thus, we also include an analysis of the latent space.