There is a rising interest in studying the robustness of deep neural network classifiers against adversaries, with both advanced attack and defence techniques being actively developed. However, most recent work focuses on discriminative classifiers, which only model the conditional distribution of the labels given the inputs. In this paper, we propose and investigate the deep Bayes classifier, which improves classical naive Bayes with conditional deep generative models. We further develop detection methods for adversarial examples, which reject inputs with low likelihood under the generative model. Experimental results suggest that deep Bayes classifiers are more robust than deep discriminative classifiers, and that the proposed detection methods are effective against many recently proposed attacks.
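To make the classify-then-reject idea concrete, below is a minimal sketch, assuming a conditional deep generative model exposed through a hypothetical callable log_px_given_y(x, y) that returns log p(x|y) per input (for instance, a conditional VAE's ELBO as a lower-bound estimate). The function name, interface, and threshold are illustrative assumptions, not the paper's released implementation.

    import torch

    # Sketch of a "deep Bayes" classifier: predict via Bayes' rule
    # p(y|x) ∝ p(x|y) p(y), and reject inputs whose marginal likelihood
    # p(x) is too low (a candidate adversarial-example detector).
    # `log_px_given_y` is an assumed interface to a conditional deep
    # generative model; it is not part of the paper's code release.
    def deep_bayes_predict(log_px_given_y, x, log_prior, threshold):
        """log_px_given_y: callable (x, y) -> log p(x|y), shape [batch].
        log_prior: tensor [num_classes] holding log p(y).
        threshold: reject inputs with log p(x) below this value."""
        num_classes = log_prior.shape[0]
        # Evaluate log p(x|y) + log p(y) for every class label y.
        log_joint = torch.stack(
            [log_px_given_y(x, y) + log_prior[y] for y in range(num_classes)],
            dim=-1)                                       # [batch, num_classes]
        log_marginal = torch.logsumexp(log_joint, dim=-1)  # log p(x), [batch]
        probs = torch.softmax(log_joint, dim=-1)           # posterior p(y|x)
        preds = probs.argmax(dim=-1)
        # Detection rule: flag low-likelihood inputs as suspected adversarial.
        reject = log_marginal < threshold
        return preds, reject

In practice the rejection threshold could be calibrated on held-out clean data, e.g. set to a low percentile of log p(x) over a validation set so that only a small fraction of benign inputs is rejected.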
Author Information
Yingzhen Li (Microsoft Research Cambridge)
John Bradshaw (University of Cambridge)
Yash Sharma (Universität Tübingen / CIN)
Related Events (a corresponding poster, oral, or spotlight)
- 2019 Poster: Are Generative Classifiers More Robust to Adversarial Attacks?
  Thu Jun 13th, 01:30 -- 04:00 AM, Pacific Ballroom #3
More from the Same Authors
- 2020 Spotlight Talk (4): Barking up the right tree: an approach to search over molecule synthesis DAGs
  John Bradshaw
- 2019 Invited Talk: Yingzhen Li, Gradient estimation for implicit models with Stein's method
  Yingzhen Li
- 2019 Poster: Variational Implicit Processes
  Chao Ma · Yingzhen Li · José Miguel Hernández-Lobato
- 2019 Oral: Variational Implicit Processes
  Chao Ma · Yingzhen Li · José Miguel Hernández-Lobato