Robustness in GANs and in Black-box Optimization Stefanie Jegelka - PowerPoint PPT Presentation

Robustness in GANs and in Black-box Optimization Stefanie Jegelka 
 MIT CSAIL joint work with Zhi Xu, Chengtao Li, 
 Ilija Bogunovic, Jonathan Scarlett and Volkan Cevher

Robustness in ML “noise” Generator One unit is enough! Critic Representational Power 
 Robustness 
 in Deep Learning in GANs 3 2 1 0 -1 -2 Robust Optimization, 
 -3 -2 -1 0 1 2 Generalization, 
 Robust Black-Box 
 Discrete & Nonconvex 
 Optimization Optimization


 Generative Adversarial Networks • attack: 
 G ( z ) with probability p<0.5 , 
 discriminator’s output 
 random 
 is manipulated z Generator “noise” • generator doesn’t 
 know which feedback 
 Discriminator is honest D ( x ) , D ( G ( z )) x real data discriminator: 
 max V ( G, D ) D generator: min V ( G, A ( D )) min max V ( G, D ) G G D

Generative Adversarial Networks G ( z ) • attack: 
 with probability p<0.5 , 
 discriminator’s output 
 random 
 z Generator “noise” is manipulated • generator doesn’t 
 Discriminator know which feedback 
 D ( x ) , D ( G ( z )) is honest x real data ( 1 − D ( x ) with probability p A ( D ( x )) = D ( x ) otherwise. Theorem : If adversary does a simple sign flip, then standard GAN no longer learns the right distribution.