Robustness in GANs and in Black-box Optimization Stefanie Jegelka MIT CSAIL joint work with Zhi Xu, Chengtao Li, Ilija Bogunovic, Jonathan Scarlett and Volkan Cevher
Robustness in ML “noise” Generator One unit is enough! Critic Representational Power Robustness in Deep Learning in GANs 3 2 1 0 -1 -2 Robust Optimization, -3 -2 -1 0 1 2 Generalization, Robust Black-Box Discrete & Nonconvex Optimization Optimization
Generative Adversarial Networks • attack: G ( z ) with probability p<0.5 , discriminator’s output random is manipulated z Generator “noise” • generator doesn’t know which feedback Discriminator is honest D ( x ) , D ( G ( z )) x real data discriminator: max V ( G, D ) D generator: min V ( G, A ( D )) min max V ( G, D ) G G D
Generative Adversarial Networks G ( z ) • attack: with probability p<0.5 , discriminator’s output random z Generator “noise” is manipulated • generator doesn’t Discriminator know which feedback D ( x ) , D ( G ( z )) is honest x real data ( 1 − D ( x ) with probability p A ( D ( x )) = D ( x ) otherwise. Theorem : If adversary does a simple sign flip, then standard GAN no longer learns the right distribution.
Recommend
More recommend
