The tremendous success of neural networks is clouded by the existence of adversarial examples: maliciously engineered inputs can cause neural networks to perform abnormally, causing security and trustworthiness concerns. This thesis will present some progress on an alternative approach for robustly classifying images. Generative classifiers use generative models for image classification, showing better robustness than discriminative classifiers. However, generative classifiers face some unique challenges when images are complex. This thesis will present an analysis of these challenges and remedies.

Generative classifiers suffer from out-of-domain reconstructions: overpowered generators can generate images out of the training distribution. This thesis demonstrates a method to address out-of-domain reconstructions in generative classifiers. Combined with other extensions, our method has successfully extended generative classifiers from robustly recognizing simple digits to classifying structured colored images. Besides, this thesis conducts a systematic analysis of out-of-domain reconstructions on CIFAR10 and ImageNet and presents a method to address this problem on these realistic images.

Another challenge of generative classifiers is measuring image similarity. This thesis will demonstrate that similarity measurements are critical for complex images such as CIFAR10 and ImageNet. It also presents a metric that has significantly improved generative classifiers on complex images.

The challenges of generative classifiers come from modeling image distributions. Discriminative models do not have such challenges because they model label distribution instead of image distribution. Therefore, the last part of this thesis is dedicated to a method that connects the two worlds. With the help of randomized smoothing, the new generative method leverages discriminative models and model image distribution under noises. Experiments showed that such a method improves the robustness of unprotected models, suggesting a promising direction for connecting the world of generative models and discriminative models.




Download Full History