Causal Disentanglement for Adversarial Defense
Date
2024
Authors
Park, J.Y.
Liu, L.
Liu, J.
Li, J.
Editors
Liu, T.
Type:
Book chapter
Citation
Event/exhibition information: 36th Australasian Joint Conference on Artificial Intelligence, AJCAI 2023, Brisbane, Australia, 28/11/2023 - 01/12/2023
Source details - Title: Australasian Joint Conference on Artificial Intelligence AI 2023: AI 2023: Advances in Artificial Intelligence, 2024 / Liu, T. (ed./s), vol.14471 LNAI, Ch.25, pp.315-327
Abstract
Representation learning that seeks high classifier accuracy is a key contributor to the success of state-of-the-art DNNs. However, DNNs face the threat of adversarial attacks, and their robustness is in peril. While adversarial defense has been widely studied, much of the research is based on statistical association, and causality-based defense is a relatively open area. We present CDAD (Causal Disentanglement for Adversarial Defense), a novel defense method that learns and utilizes causal representations for robust prediction. We take inspiration from a recent study that takes a causal perspective on the adversarial problem and considers that the susceptibility of DNNs to adversarial examples comes from their reliance on spurious associations between non-causal features and labels, which an adversary exploits to succeed in the attack. Causal representations are robust because the causal relationship between a cause of the label and the label is invariant under different environments. However, discovering causal representations is a challenging task, especially in the context of image data. Harnessing recent advances in representation learning with the VAE (Variational AutoEncoder), we design CDAD as a VAE-based causal disentanglement representation learning method to decouple causal and non-causal representations. CDAD uses the invariance property of causal features as a constraint in the disentanglement of causal and non-causal features. Experimental results show CDAD’s highly competitive performance compared to state-of-the-art defense methods, while possessing a causal foundation.
Rights
Copyright 2024 The Author(s), under exclusive license to Springer Nature
Access Condition Notes: Accepted manuscript available after 1 January 2025