Generative autoencoders, such as variational autoencoders or adversarial autoencoders, have achieved great success in many real-world applications, including image generation and signal communication. However, little attention has been devoted to their robustness during practical deployment. Due to their probabilistic latent structure, variational autoencoders (VAEs) may face problems such as a mismatch between the posterior distribution of the latent and the real data manifold, or discontinuity in the posterior distribution of the latent. This leaves a back door for malicious attackers to collapse VAEs from the latent space, especially in scenarios where the encoder and decoder are used separately, such as communication and compressed sensing. In this work, we provide the first study on the adversarial robustness of generative autoencoders in the latent space. Specifically, we empirically demonstrate the latent vulnerability of popular generative autoencoders through attacks in the latent space. We also evaluate the difference between variational autoencoders and their deterministic variants and observe that the latter perform better in latent robustness. Meanwhile, we identify a potential trade-off between adversarial robustness and the degree of disentanglement of the latent codes. Additionally, we verify the feasibility of improving the latent robustness of VAEs through adversarial training. In summary, we suggest paying attention to the adversarial latent robustness of generative autoencoders, analyze several robustness-related issues, and give some insights into a series of key challenges.