Defending Adversaries Using Unsupervised Feature Clustering VAE
2021-06-18ICML Workshop AML 2021Unverified0· sign in to hype
Cheng Zhang, Pan Gao
Unverified — Be the first to reproduce this paper.
ReproduceAbstract
We propose a modified VAE (variational autoencoder) as a denoiser to remove adversarial perturbations for image classification. Vanilla VAE's purpose is to make latent variables approximating normal distribution, which reduces the latent inter-class distance of data points. Our proposed VAE modifies this problem by adding a latent variable cluster. So the VAE can guarantee inter-class distance of latent variables and learn class-wised features. Our Feature Clustering VAE performs better on removing perturbations and reconstructing the image to defend adversarial attacks.