Towards a theoretical understanding of the robustness of variational autoencoders

Conference item

We make inroads into understanding the robustness of Variational Autoencoders (VAEs) to adversarial attacks and other input perturbations. While previous work has developed algorithmic approaches to attacking and defending VAEs, there remains a lack of formalization for what it means for a VAE to be robust. To address this, we develop a novel criterion for robustness in probabilistic models: r -robustness. We then use this to construct the first theoretical results for the robustness of VAEs, deriving margins in the input space for which we can provide guarantees about the resulting reconstruction. Informally, we are able to define a region within which any perturbation will produce a reconstruction that is similar to the original reconstruction. To support our analysis, we show that VAEs trained using disentangling methods not only score well under our robustness metrics, but that the reasons for this can be interpreted through our theoretical results.

Authors: Camuto, A; Willetts, M; Roberts, S; Holmes, C; Rainforth, T

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: Journal of Machine Learning Research
• Pages: 3565-3573
• Series: Proceedings of Machine Learning Research
• Series number: 130
• Publication date: 2021-03-18
• Acceptance date: 2021-01-14
• Event title: 24th International Conference on Artificial Intelligence and Statistics (AISTATS 2021)
• Event location: San Diego, California, USA
• Event website: https://aistats.org/aistats2021/
• Event start date: 2021-04-13
• Event end date: 2021-04-15
• ISSN: 2640-3498
• Language: English
• Keywords: FFR