SlideShare a Scribd company logo

Capstone Design(2) 최종 발표

H
Hyunwoo Kim

This document summarizes research on defending against adversarial attacks on deep learning models. It describes using a denoising variational autoencoder (dVAE) to purify images that have been attacked. The dVAE is trained on the CIFAR-10 dataset using reconstruction loss, latent loss, and classification loss. It achieves an accuracy of 17% on attacked images, compared to 30% for the unmodified model, showing some ability to recover information lost due to the attack. However, the dVAE only captures low spatial frequency information and lacks the high resolution needed for accurate classification. Architectural limitations and a lack of leveraging prior knowledge are identified as reasons the defense was not fully successful.

Technology
Related topics:
Deep LearningComputer Vision Insights
1 of 29
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
D E F E N S E Against Adversarial Attacks B E T T E R F E L L O W
DEFENSE against Adversarial attacks
iPodBoat Perturbation Through the machine’s eye Adversarial Example or Attack
Cleanse the attacked image AutoEncoders Our Approach Our defense model ≈ 𝑓𝑖𝑙𝑡𝑒𝑟↓ Input: Attacked Image ↓ Expected Output: Purified Image
Auto Encoders CNN model Expected Result Boat Set back the effect of the perturbation Model to defend Our defense model
Research papers ATTACKS & DEFENSES
Adversarial examples are GENERALIZED upon different deep learning models Explaining and Harnessing Adversarial Examples I.J. Goodfellow et al. arXiv preprint arXiv:1412.6572, 2014
Universal Adversarial Perturbations S.M. Moosavi-Dezfooli et al. IEEE Conference on CVPR, 2017. There exists a subspace with lower dimensions that captures the decision boundaries
They fool classifiers mainly due to covariate shift. PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples Y. Song et al. arXiv preprint arXiv:1710.10766, 2017.
I N T U I T I O N S & H Y P O T H E S I S • All image classifiers are approximating the same function in a specific task • There seems to be a latent subspace with lower dimensions for decision boundaries • Adversarial examples lie in low probability regions in the training distribution • If we are able to capture the latent subspace for the training distribution, we might be able to pull the adversarial examples back, near to its mean.
OUR Previous Toy EXPERIMENTS
Our Previous Toy EXPERIMENTS: Built from scratch 1 2 Convolutional Denoising Auto Encoder [dAE] Convolutional Variational Auto Encoder [VAE] It’s a five It’s a five ↓ Model to defend: LeNet-5↓ dAE ↓ VAE ↓ Model to defend: LeNet-5
Toy Defense Model Comparison Raw Attacked Denoised Reconstructed Conv dAE Conv VAE Output comparison
0 10 20 30 40 50 60 70 80 90 100 Raw Images Attacked Images Denoised Images Reconstructed Images 90 65 75 77 Accuracy comparison Toy Defense Model Comparison Conv dAE Conv VAE ▲ ▲
O U R M A I N E X P E R I M E N T
Our Main Experiment • Real Image Dataset: CIFAR-10 • Concentrate on architecture for VAE • Train defense models based on target model’s output • Black box defense • Use of better computation power • Base-line: PixelDefend’s 30% → 52%
Our Main Experiment: Built from scratch Z_mu, Z_logvar Sampled Epsilon Noise Added 16x16x128 8x8x256 4x4x256 1024 64 128 1024 4x4x256 8x8x256 16x16x128 32x32x6432x32x64 128 512512 2x2x512 32x32x3 32x32x3 Denoising Variational Auto-Encoder:= dAE + VAE = dVAE Im, D.J., et al. Denoising criterion for variational auto-encoding framework. Proceedings of AAAI: pp. 2059-2065, 2017. Architectural Reference: X. Yan et al., Attribute2Image: Conditional Image Generation from Visual Attributes. In ECCV, 2015. ↑ Input: Attacked Image ↓ Expected Output: Purified Image
Classification Result True Label Reconstruction Loss Latent Loss Classification Loss dVAE VGG16 Our Main Experiment: Overall Architecture • Reconstruction Loss: Binary Cross-entropy • Latent Loss: Kullback-Leibler Divergence • Classification Loss: Binary Cross-entropy ↑ Input: Attacked Image ↑ Expected Output: Purified Image • Learning rate: 3*10E-5 • Batch size: 32 • Epoch: 80 ← Raw Image
Our Main Experiment: CIFAR-10 Dataset RAW Images ATTACKED Images by Fast Gradient Sign Method Goodfellow, I.J., et al. Explaining and Harnessing Adversarial Examples. arXiv preprint arXiv:1412.6572, 2014.
RAW Images Accuracy 90% ATTACKED Images VGG16 VGG16 Accuracy 30% Our Main Experiment: CIFAR-10 Dataset
ATTACKED Images dVAE Our Main Experiment: CIFAR-10 Dataset VGG16 Accuracy 17% RAW Images dVAE VGG16 Accuracy 17%
Discussion One can conclude that the VAE(X. Yan, et al., 2015) is the problem Z_mu, Z_logvar Sampled Epsilon Noise Added 16x16x128 8x8x256 4x4x256 1024 64 128 1024 4x4x256 8x8x256 16x16x128 32x32x6432x32x64 128 512512 2x2x512 32x32x3 32x32x3 Architectural Reference: X. Yan et al., Attribute2Image: Conditional Image Generation from Visual Attributes. In ECCV, 2015.
Discussion However, the VAE did converge, and its output is identical to other so-called well-trained VAEs.
Discussion So, for the classifier to classify image correctly, it needs much more high spatial frequency information (≈ high resolution image)
Discussion VGG16 Accuracy 17% Only Low Spatial Frequency Information is given ≈ The proportion which Low Spatial Frequency information is contributing to the classification Accuracy 90% Loss of accuracy, due to the loss of High Spatial Frequency information
However, for humans with the prior knowledge, that there are 10 classes, and leveraging the low spatial frequency information, we are able to do better than the machine Discussion {Airplane, Car, Bird, Cat, Deer, Dog, Frog, Horse, Ship, Truck} ∴ A difference regarding our biological vision system
Conclusion • Not VAEs, but a more suitable generative model for high resolution • ex: Disco-GAN Why our model did not succeed • An architectural limitation of the Conv Nets • Not leveraging low spatial frequency information • No use of prior knowledge in the system Why adversarial attacks work
R E F E R E N C E S In appearance order • I.J. Goodfellow et al., Explaining and Harnessing Adversarial Examples. arXiv preprint arXiv:1412.6572, 2014. • S.M. Moosavi-Dezfooli et al. Universal Adversarial Perturbations. IEEE Conference on CVPR, 2017. • Y. Song et al. PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples. arXiv preprint arXiv:1710.10766, 2017. • Y. LeCun et al., Gradient-Based Learning Applied to Document Recognition. Proceedings of the IEEE, 1998. • P. Vincent et al., Extracting and Composing Robust Features with Denoising Autoencoders. Proceedings of ICML, 2008. • X. Yan et al., Attribute2Image: Conditional Image Generation from Visual Attributes. In ECCV, 2015. • Im, D.J., et al. Denoising criterion for variational auto-encoding framework. Proceedings of AAAI: pp. 2059-2065, 2017.
THANK YOU René Magritte, The castle in the Pyrenees, 1959

More Related Content

PDF
Capstone Design(2) 중간 발표
Hyunwoo Kim
 
PDF
Modeling perceptual similarity and shift invariance in deep networks
NAVER Engineering
 
PDF
Universal Adversarial Perturbation
Hyunwoo Kim
 
PDF
Adversarial examples in deep learning (Gregory Chatel)
MeetupDataScienceRoma
 
PPT
MPerceptron
butest
 
PDF
Deep image generating models
Luba Elliott
 
PDF
[Explained] "Partial Success in Closing the Gap between Human and Machine Vis...
Sou Yoshihara
 
PDF
Deep Generative Models
Chia-Wen Cheng
 
Capstone Design(2) 중간 발표
Hyunwoo Kim
 
Modeling perceptual similarity and shift invariance in deep networks
NAVER Engineering
 
Universal Adversarial Perturbation
Hyunwoo Kim
 
Adversarial examples in deep learning (Gregory Chatel)
MeetupDataScienceRoma
 
MPerceptron
butest
 
Deep image generating models
Luba Elliott
 
[Explained] "Partial Success in Closing the Gap between Human and Machine Vis...
Sou Yoshihara
 
Deep Generative Models
Chia-Wen Cheng
 

Similar to Capstone Design(2) 최종 발표 (20)

PDF
Neural Architectures for Still Images - Xavier Giro- UPC Barcelona 2019
Universitat Politècnica de Catalunya
 
PDF
Robustness of compressed CNNs
Kaushalya Madhawa
 
PPTX
brief Introduction to Different Kinds of GANs
Parham Zilouchian
 
PPTX
Learning Biologically Relevant Features Using Convolutional Neural Networks f...
Ghent University Global Campus
 
PDF
EuroSciPy 2019 - GANs: Theory and Applications
Emanuele Ghelfi
 
PDF
Research of adversarial example on a deep neural network
NAVER Engineering
 
PDF
Bo Li-they’ve created images that reliably fool neural network
GeekPwn Keen
 
PDF
Semi-Targeted Model Poisoning Attack on Federated Learning via Backward Error...
YuweiSun5
 
PDF
GAN - Theory and Applications
Emanuele Ghelfi
 
PPT
The Concurrent Constraint Programming Research Programmes -- Redux
Pierre Schaus
 
PDF
AlexNet(ImageNet Classification with Deep Convolutional Neural Networks)
UMBC
 
PPTX
Black-Box attacks against Neural Networks - technical project presentation
Roberto Falconi
 
PPTX
AlexNet(ImageNet Classification with Deep Convolutional Neural Networks)
UMBC
 
PDF
Adversarial Attacks and Defenses in Deep Learning.pdf
MichelleHoogenhout
 
PPTX
[Paper Review] Audio adversarial examples
JaeSung Bae
 
PPTX
L7_finetuning on tamil technologies.pptx
Meganath7
 
PPTX
Regression vs Deep Neural net vs SVM
Ratul Alahy
 
PDF
Towards Secure and Interpretable AI: Scalable Methods, Interactive Visualizat...
polochau
 
PDF
Modeling documents with Generative Adversarial Networks - John Glover
Sebastian Ruder
 
PPTX
Obscenity Detection in Images
Anil Kumar Gupta
 
Neural Architectures for Still Images - Xavier Giro- UPC Barcelona 2019
Universitat Politècnica de Catalunya
 
Robustness of compressed CNNs
Kaushalya Madhawa
 
brief Introduction to Different Kinds of GANs
Parham Zilouchian
 
Learning Biologically Relevant Features Using Convolutional Neural Networks f...
Ghent University Global Campus
 
EuroSciPy 2019 - GANs: Theory and Applications
Emanuele Ghelfi
 
Research of adversarial example on a deep neural network
NAVER Engineering
 
Bo Li-they’ve created images that reliably fool neural network
GeekPwn Keen
 
Semi-Targeted Model Poisoning Attack on Federated Learning via Backward Error...
YuweiSun5
 
GAN - Theory and Applications
Emanuele Ghelfi
 
The Concurrent Constraint Programming Research Programmes -- Redux
Pierre Schaus
 
AlexNet(ImageNet Classification with Deep Convolutional Neural Networks)
UMBC
 
Black-Box attacks against Neural Networks - technical project presentation
Roberto Falconi
 
AlexNet(ImageNet Classification with Deep Convolutional Neural Networks)
UMBC
 
Adversarial Attacks and Defenses in Deep Learning.pdf
MichelleHoogenhout
 
[Paper Review] Audio adversarial examples
JaeSung Bae
 
L7_finetuning on tamil technologies.pptx
Meganath7
 
Regression vs Deep Neural net vs SVM
Ratul Alahy
 
Towards Secure and Interpretable AI: Scalable Methods, Interactive Visualizat...
polochau
 
Modeling documents with Generative Adversarial Networks - John Glover
Sebastian Ruder
 
Obscenity Detection in Images
Anil Kumar Gupta
 
Ad

More from Hyunwoo Kim (14)

PDF
서울대학교 IAB 강의 Pytorch(파이토치) CNN 실습 수업
Hyunwoo Kim
 
PDF
Curiosity-Bottleneck: Exploration by Distilling Task-Specific Novelty
Hyunwoo Kim
 
PDF
Abstractive Summarization of Reddit Posts with Multi-level Memory Networks
Hyunwoo Kim
 
PDF
Genetic Algorithm Project 2
Hyunwoo Kim
 
PDF
Sentiment Analysis Intro
Hyunwoo Kim
 
PDF
Two VWM representations simultaneously control attention
Hyunwoo Kim
 
PDF
Neural Networks Basics with PyTorch
Hyunwoo Kim
 
PDF
Capstone Design(2) 연구제안 발표
Hyunwoo Kim
 
PDF
Capstone Design(1) 최종 발표
Hyunwoo Kim
 
PDF
Capstone Design(1) 중간 발표
Hyunwoo Kim
 
PDF
Capstone Design(1) 연구제안 발표
Hyunwoo Kim
 
PDF
Neural Network Intro [인공신경망 설명]
Hyunwoo Kim
 
PDF
Random Forest Intro [랜덤포레스트 설명]
Hyunwoo Kim
 
PDF
Decision Tree Intro [의사결정나무]
Hyunwoo Kim
 
서울대학교 IAB 강의 Pytorch(파이토치) CNN 실습 수업
Hyunwoo Kim
 
Curiosity-Bottleneck: Exploration by Distilling Task-Specific Novelty
Hyunwoo Kim
 
Abstractive Summarization of Reddit Posts with Multi-level Memory Networks
Hyunwoo Kim
 
Genetic Algorithm Project 2
Hyunwoo Kim
 
Sentiment Analysis Intro
Hyunwoo Kim
 
Two VWM representations simultaneously control attention
Hyunwoo Kim
 
Neural Networks Basics with PyTorch
Hyunwoo Kim
 
Capstone Design(2) 연구제안 발표
Hyunwoo Kim
 
Capstone Design(1) 최종 발표
Hyunwoo Kim
 
Capstone Design(1) 중간 발표
Hyunwoo Kim
 
Capstone Design(1) 연구제안 발표
Hyunwoo Kim
 
Neural Network Intro [인공신경망 설명]
Hyunwoo Kim
 
Random Forest Intro [랜덤포레스트 설명]
Hyunwoo Kim
 
Decision Tree Intro [의사결정나무]
Hyunwoo Kim
 
Ad

Recently uploaded (20)

PDF
project resource management chapter-09.pdf
ssuser00e6e21
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
project resource management chapter-09.pdf
ssuser00e6e21
 
Approach and Philosophy of On baking technology
30anthuong17
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 

Capstone Design(2) 최종 발표

  • 1. D E F E N S E Against Adversarial Attacks B E T T E R F E L L O W
  • 3. iPodBoat Perturbation Through the machine’s eye Adversarial Example or Attack
  • 4. Cleanse the attacked image AutoEncoders Our Approach Our defense model ≈ 𝑓𝑖𝑙𝑡𝑒𝑟↓ Input: Attacked Image ↓ Expected Output: Purified Image
  • 5. Auto Encoders CNN model Expected Result Boat Set back the effect of the perturbation Model to defend Our defense model
  • 7. Adversarial examples are GENERALIZED upon different deep learning models Explaining and Harnessing Adversarial Examples I.J. Goodfellow et al. arXiv preprint arXiv:1412.6572, 2014
  • 8. Universal Adversarial Perturbations S.M. Moosavi-Dezfooli et al. IEEE Conference on CVPR, 2017. There exists a subspace with lower dimensions that captures the decision boundaries
  • 9. They fool classifiers mainly due to covariate shift. PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples Y. Song et al. arXiv preprint arXiv:1710.10766, 2017.
  • 10. I N T U I T I O N S & H Y P O T H E S I S • All image classifiers are approximating the same function in a specific task • There seems to be a latent subspace with lower dimensions for decision boundaries • Adversarial examples lie in low probability regions in the training distribution • If we are able to capture the latent subspace for the training distribution, we might be able to pull the adversarial examples back, near to its mean.
  • 12. Our Previous Toy EXPERIMENTS: Built from scratch 1 2 Convolutional Denoising Auto Encoder [dAE] Convolutional Variational Auto Encoder [VAE] It’s a five It’s a five ↓ Model to defend: LeNet-5↓ dAE ↓ VAE ↓ Model to defend: LeNet-5
  • 13. Toy Defense Model Comparison Raw Attacked Denoised Reconstructed Conv dAE Conv VAE Output comparison
  • 14. 0 10 20 30 40 50 60 70 80 90 100 Raw Images Attacked Images Denoised Images Reconstructed Images 90 65 75 77 Accuracy comparison Toy Defense Model Comparison Conv dAE Conv VAE ▲ ▲
  • 15. O U R M A I N E X P E R I M E N T
  • 16. Our Main Experiment • Real Image Dataset: CIFAR-10 • Concentrate on architecture for VAE • Train defense models based on target model’s output • Black box defense • Use of better computation power • Base-line: PixelDefend’s 30% → 52%
  • 17. Our Main Experiment: Built from scratch Z_mu, Z_logvar Sampled Epsilon Noise Added 16x16x128 8x8x256 4x4x256 1024 64 128 1024 4x4x256 8x8x256 16x16x128 32x32x6432x32x64 128 512512 2x2x512 32x32x3 32x32x3 Denoising Variational Auto-Encoder:= dAE + VAE = dVAE Im, D.J., et al. Denoising criterion for variational auto-encoding framework. Proceedings of AAAI: pp. 2059-2065, 2017. Architectural Reference: X. Yan et al., Attribute2Image: Conditional Image Generation from Visual Attributes. In ECCV, 2015. ↑ Input: Attacked Image ↓ Expected Output: Purified Image
  • 18. Classification Result True Label Reconstruction Loss Latent Loss Classification Loss dVAE VGG16 Our Main Experiment: Overall Architecture • Reconstruction Loss: Binary Cross-entropy • Latent Loss: Kullback-Leibler Divergence • Classification Loss: Binary Cross-entropy ↑ Input: Attacked Image ↑ Expected Output: Purified Image • Learning rate: 3*10E-5 • Batch size: 32 • Epoch: 80 ← Raw Image
  • 19. Our Main Experiment: CIFAR-10 Dataset RAW Images ATTACKED Images by Fast Gradient Sign Method Goodfellow, I.J., et al. Explaining and Harnessing Adversarial Examples. arXiv preprint arXiv:1412.6572, 2014.
  • 20. RAW Images Accuracy 90% ATTACKED Images VGG16 VGG16 Accuracy 30% Our Main Experiment: CIFAR-10 Dataset
  • 21. ATTACKED Images dVAE Our Main Experiment: CIFAR-10 Dataset VGG16 Accuracy 17% RAW Images dVAE VGG16 Accuracy 17%
  • 22. Discussion One can conclude that the VAE(X. Yan, et al., 2015) is the problem Z_mu, Z_logvar Sampled Epsilon Noise Added 16x16x128 8x8x256 4x4x256 1024 64 128 1024 4x4x256 8x8x256 16x16x128 32x32x6432x32x64 128 512512 2x2x512 32x32x3 32x32x3 Architectural Reference: X. Yan et al., Attribute2Image: Conditional Image Generation from Visual Attributes. In ECCV, 2015.
  • 23. Discussion However, the VAE did converge, and its output is identical to other so-called well-trained VAEs.
  • 24. Discussion So, for the classifier to classify image correctly, it needs much more high spatial frequency information (≈ high resolution image)
  • 25. Discussion VGG16 Accuracy 17% Only Low Spatial Frequency Information is given ≈ The proportion which Low Spatial Frequency information is contributing to the classification Accuracy 90% Loss of accuracy, due to the loss of High Spatial Frequency information
  • 26. However, for humans with the prior knowledge, that there are 10 classes, and leveraging the low spatial frequency information, we are able to do better than the machine Discussion {Airplane, Car, Bird, Cat, Deer, Dog, Frog, Horse, Ship, Truck} ∴ A difference regarding our biological vision system
  • 27. Conclusion • Not VAEs, but a more suitable generative model for high resolution • ex: Disco-GAN Why our model did not succeed • An architectural limitation of the Conv Nets • Not leveraging low spatial frequency information • No use of prior knowledge in the system Why adversarial attacks work
  • 28. R E F E R E N C E S In appearance order • I.J. Goodfellow et al., Explaining and Harnessing Adversarial Examples. arXiv preprint arXiv:1412.6572, 2014. • S.M. Moosavi-Dezfooli et al. Universal Adversarial Perturbations. IEEE Conference on CVPR, 2017. • Y. Song et al. PixelDefend: Leveraging Generative Models to Understand and Defend against Adversarial Examples. arXiv preprint arXiv:1710.10766, 2017. • Y. LeCun et al., Gradient-Based Learning Applied to Document Recognition. Proceedings of the IEEE, 1998. • P. Vincent et al., Extracting and Composing Robust Features with Denoising Autoencoders. Proceedings of ICML, 2008. • X. Yan et al., Attribute2Image: Conditional Image Generation from Visual Attributes. In ECCV, 2015. • Im, D.J., et al. Denoising criterion for variational auto-encoding framework. Proceedings of AAAI: pp. 2059-2065, 2017.
  • 29. THANK YOU René Magritte, The castle in the Pyrenees, 1959