Adversarial Detection by Latent Style Transformations

Machine learning models have demonstrated vulnerability to adversarial attacks, more specifically misclassification of examples. In this paper, we investigate an attack-agnostic defense against attacks on high-resolution images by detecting suspicious inputs. The intuition behind our approach is that the essential characteristics a normal image are generally consistent with non-essential style transformations, e.g., slightly changing facial expression human portraits. contrast, examples sensitive such transformations. detect instances, propose in\underline{V}ertible \underline{A}utoencoder based \underline{S}tyleGAN2 generator via \underline{A}dversarial training (VASA) inverse disentangled latent codes reveal hierarchical styles. We then build set edited copies transformations performing shifting and reconstruction, correspondences between classification-based consistency these used distinguish instances.