JP2023176750A - Learning apparatus, learning method, and learning program - Google Patents

Abstract

To provide a learning apparatus, a learning method, and a learning program, configured to realize robustness of VAE (Variational AutoEncoder) composed of two models including an encoder and a decoder, for a hostile input sample.SOLUTION: A learning apparatus 10 includes: an estimation unit 15 which performs estimation using VAE 151 having an encoder which converts an input image into a low-dimensional latent variable and a decoder which reconstructs the input image from the latent variable to be output as an output image; a selection unit 12 which selects an original image from a group of images with class labels attached thereto, and randomly selects an arbitrary target image from an image dataset 11; a noise generation unit 13 which generates noise from the target image; a processing unit 14 which generates a processed image by adding the noise to the original image; and a learning unit 16 which executes learning of the VAE 151 using the class label of the original image as a training label, and the processed image as learning data.SELECTED DRAWING: Figure 3

Description

The present invention relates to a learning device, a learning method, and a learning program.

An adversarial example is an adversarial input sample that is created by adding a small artificial perturbation to certain data that cannot be perceived by humans, and is intended to disrupt the output of deep learning. It is. Adversarial examples were mainly discussed in the field of image classification problems using deep learning, but recently the existence of adversarial examples in various fields has been pointed out.

VAE (Variational AutoEncoder) is a deep learning architecture consisting of two models: an encoder and a decoder. VAE learns the data generation distribution by converting input data into low-dimensional latent variables using an encoder, and then performing learning to restore the input data from the latent variables using a decoder. For this reason, VAE is used for abnormality detection, which learns the generation distribution of normal data and discriminates data that deviates from it. Furthermore, since the latent variables transformed by VAE include features important for restoring data, the features transformed by VAE are used for various machine learning tasks.

Ian J. Goodfellow, and Jonathon Shlens & Christian Szegedy, “EXPLAINING AND HARNESSING ADVERSARIAL EXAMPLE”, [online], [searched on February 16, 2020], Internet <URL: https://arxiv.org/abs/ 1412.6572＞ Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu, “Towards Deep Learning Models Resistant to Adversarial Attacks”, [online], [Retrieved February 16, 2020], Internet <URL: https:/ /arxiv.org/abs/1706.06083＞ Diederik P. Kingma, and Max Welling, “Auto-Encoding Variational Bayes”, [online], [searched on February 16, 2020], Internet <URL: https://arxiv.org/abs/1312.6114> Jernej Kos, Ian Fischer, and Dawn Song, “ADVERSARIAL EXAMPLES FOR GENERATIVE MODELS”, [online], [searched on February 16, 2020], Internet <URL: https://arxiv.org/abs/1702.06832>

Here, the threat of Adversarial Example to VAE is suggested. An adversarial example against VAE is an attack that makes the data reconstructed from latent variables and decoders arbitrary data by adding perturbation (noise) to the input data. VAE is vulnerable to adversarial examples that add minute and artificial noise to input data, and the problem is that the output is disturbed. Specifically, this attack has tricked anomaly detectors that use VAE, and has threatened the reliability of various Down Stream tasks that utilize features extracted by VAE.

The present invention has been made in view of the above, and an object of the present invention is to provide a learning device, a learning method, and a learning program that realize a robust VAE for Adversarial Examples.

In order to solve the above-mentioned problems and achieve the objectives, the learning device includes an encoder that converts an input image into a low-dimensional latent variable, and a decoder that reconstructs the input image from the latent variables and outputs it as an output image. an estimation unit that performs estimation using VAE, a selection unit that selects an original image from a group of images each with a class label and randomly selects an arbitrary target image from the image group, and a selection unit that removes noise from the target image. A processing unit that generates a processed image by adding noise to the original image; and a learning unit that uses the class label of the original image as a teacher label and executes VAE learning using the processed image as learning data. It is characterized by

According to the present invention, robust VAE is realized for Adversarial Examples.

FIG. 1 is a diagram illustrating an overview of VAE. FIG. 2 is a diagram illustrating an Adversarial Example for VAE. FIG. 3 is a diagram schematically showing an example of the configuration of the learning device according to the first embodiment. FIG. 4 is a flowchart showing the processing procedure of the learning method according to the first embodiment. FIG. 5 is a visualization diagram of the latent variable space of a normal VAE model and a VAE model that has been subjected to adversarial training using the learning method according to the first embodiment. FIG. 6 is a diagram schematically showing an example of the configuration of a learning device according to the second embodiment. FIG. 7 is a flowchart showing the processing procedure of the learning method according to the second embodiment. FIG. 8 is a visualization diagram of the latent variable space of a normal VAE model and a VAE model that has undergone adversarial training using the learning methods according to the first and second embodiments. FIG. 9 is a diagram showing adaptation of VAE learned using the learning methods according to Embodiments 1 and 2 to the sign classification system. FIG. 10 is a diagram showing an example of a computer that executes a program.

Hereinafter, one embodiment of the present invention will be described in detail with reference to the drawings. Note that the present invention is not limited to this embodiment. In addition, in the description of the drawings, the same parts are denoted by the same reference numerals. In addition, in the following, when A, which is a vector or a matrix, is written as "^A", it is assumed that it is the same as "a symbol with "^" written directly above "A"".

[Embodiment 1]
In this embodiment, we propose a learning method that optimizes the adaptation of Adversarial Training (Non-Patent Document 2) to VAE for an Adversarial Example that causes VAE to make a false judgment by adding noise to data. Adversarial Training is a method of learning a model using Adversarial Examples as training data.

[symbol]
Table 1 shows details of each symbol used in the embodiment.

[VAE]
VAE will be explained. FIG. 1 is a diagram illustrating an overview of VAE. As shown in FIG. 1, VAE is composed of two models: an encoder and a decoder. The encoder compresses the input image x into low-dimensional latent variables z, and the decoder reconstructs the input image x from the latent variables z. The decoder outputs the reconstructed image as an output image ^x.

Thereby, the VAE learns the data generation distribution p(x). A conventional optimization function used for VAE learning is shown in equation (1). Conventionally, model parameters of encoders and decoders have been optimized using equation (1).

[Adversarial Example for VAE]
An adversarial example against VAE is an attack in which the latent variables and output image are changed to those of an arbitrary target image by adding artificial noise to the input image x shown in FIG. FIG. 2 is a diagram illustrating an Adversarial Example for VAE.

As shown in Figure 2, this attack uses noise that brings the latent variables of the KL (Kullback-Leibler) original image (hereinafter referred to as the original image), which is the input image, closer to the latent variables of the target image ^xt by KL divergence. (Adversarial Perturbation) This is done by generating d.

An outline of this attack is shown in equation (2).

In this attack, an image x ^adv obtained by adding noise d to the original image x is input to the VAE. In other words, in this attack, instead of the original image x with a large difference between the target image x ^t and the latent variable, an image x ^adv with a small difference between the target image x ^t and the latent variable is input to the VAE, and the target image x ^t is input from the VAE. An image x ^adv_rec close to . This attack not only causes false positives in anomaly detectors that use VAE, but also threatens the reliability of various Down Stream tasks that utilize features extracted by VAE.

[Learning device]
Next, a learning device according to Embodiment 1 will be explained. The learning device according to Embodiment 1 performs a learning method that optimizes the adaptation of Adversarial Training to VAE for Adversarial Examples that causes VAE to misjudge by adding noise to data. Achieve robust VAE.

FIG. 3 is a diagram schematically showing an example of the configuration of the learning device according to the first embodiment. In the learning device 10 according to the first embodiment, a predetermined program is loaded into a computer or the like including, for example, a ROM (Read Only Memory), a RAM (Random Access Memory), a CPU (Central Processing Unit), etc., and the CPU executes a predetermined program. This is achieved by running the program. Further, the learning device 10 has a communication interface for transmitting and receiving various information with other devices connected via a network or the like.

The learning device 10 according to the first embodiment includes an image data set 11, a selection section 12, a noise generation section 13, a processing section 14, an estimation section 15, and a learning section 16.

The estimation unit 15 uses the VAE 151 to estimate predetermined information based on the input image x. As shown in Figure 1, the VAE 151 includes an encoder that converts an input image x into a low-dimensional latent variable z, and a decoder that reconstructs the input image from the latent variable z and outputs the reconstructed image as an output image ^x. and has. The model parameter φ of the encoder and the model parameter θ of the decoder of the VAE 151 are optimized to be robust against the Adversarial Example by execution of learning by the learning unit 16 (described later).

The image data set 11 is a group of images each assigned a class label. The image dataset 11 is, for example, the MNIST (Modified National Institute of Standards and Technology) dataset ([online], [Reiwa 4 [Retrieved on February 16th], Internet <URL: https://arxiv.org/abs/1706.06083>).

The selection unit 12 selects an original image x and an arbitrary target image ^xt from the image data set 11. The selection unit 12 randomly selects any target image ^xt .
For example, the selection unit 12 selects an image of a handwritten numeral "3" as the original image x, and randomly selects any image of a handwritten numeral other than "3" as the target image ^xt . The original image x is an image that the VAE 151 wants to reconstruct. The target image ^xt is the target of the Adversarial Example. The target image ^xt is an image in which the Adversarial Example wants to change the latent variables and output image of the VAE 151 from those of the original image.

The noise generation unit 13 generates noise d from the original image x and the target image ^xt . The noise generation unit 13 generates noise by manipulating the pixels of the input image x so that the latent variable z of the input image x approaches the latent variable z when the target image ^xt is input. . Specifically, the noise generation unit 13 generates the noise d by optimizing equation (2).

The processing unit 14 generates a processed image x+d by adding noise d to the original image x. The processed image x+d becomes an Adversarial Example for VAE151 learning.

The learning unit 16 executes learning of the VAE 151 using the class label of the original image x as a teacher label and the processed image x+d generated by the processing unit 14 as learning data. The learning device 10 generates an Adversarial Example and performs learning of the VAE 151 using the generated Adversarial Example as learning data. The learning unit 16 performs VAE learning so that even if the processed image x+d is input to the VAE 151, an image close to the original image x is output from the VAE 151. The learning section 16 includes a parameter updating section 161 and a termination determining section 162.

The parameter update unit 161 executes learning of the VAE 151 using the class label of the original image x as a teacher label and the processed image x+d as learning data. The parameter updating unit 2161 receives the processed image x+d and updates the encoder model parameter φ and the decoder model parameter θ so as to output the original image x. The parameter updating unit 161 optimizes the encoder model parameter φ and the decoder model parameter θ using equation (3). Here, d is generated for a random target image ^xt .

The termination determination unit 162 terminates the learning process of the VAE 151 when a predetermined termination condition is satisfied. The termination conditions include, for example, when the loss becomes less than or equal to a predetermined threshold, when the number of parameter updates reaches a predetermined number, or when the amount of parameter updates becomes less than or equal to a predetermined threshold.

[Learning process]
Next, the learning method processing procedure executed by the learning device 10 will be explained. FIG. 4 is a flowchart showing the processing procedure of the learning method according to the first embodiment.

As shown in FIG. 4, in the learning device 10, the selection unit 12 selects an original image x and an arbitrary target image ^xt from the image data set 11 (step S1). The noise generation unit 13 generates noise d from the original image x and the target image ^xt (step S2). The processing unit 14 generates a processed image x+d by adding noise d to the original image x (step S3).

The learning unit 16 inputs the processed image x+d to the VAE 151, and causes the estimation unit 15 to estimate the reconstructed image (step S4). The learning unit 16 updates the encoder model parameter φ and the decoder model parameter θ using equation (3) (step S5).

The learning unit 16 then determines whether a predetermined termination condition is satisfied (step S6). If the predetermined end condition is not met (step S6: No), the learning device 10 returns to step S1. The learning device 10 trains the VAE 151 by repeating the processing of steps S1 to S5 until a predetermined termination condition is satisfied. If the predetermined termination condition is satisfied (step S6: Yes), the learning device 10 terminates the learning process of the VAE 151.

[Effects of Embodiment 1]
In the first embodiment, an Adversarial Example suitable for VAE Adversarial Training was generated and VAE learning was performed. Adversarial Training is a method of learning a model using Adversarial Examples as training data.

Generally, Adversarial Examples used in conventional Adversarial Training are created using non-target attacks. A non-target attack is one that creates an adversarial example so that the value of the model's error function becomes worse. That is, in general, adversarial training adds noise to input data that worsens the error function of the model.

On the other hand, the Adversarial Example against VAE is an attack in which there is a target image and the VAE is made to reconstruct this target image. In other words, an adversarial example for VAE is an attack that adds noise to the input image so that the original input image approaches a certain target image, and changes the latent variables and output image in VAE to those of the target image. It is. For this reason, the Adversarial Example for VAE differs greatly from the Adversarial Example created by conventional non-target attacks, and if applied as is, there would be a deviation in problem setting.

Therefore, in the first embodiment, a target image is randomly selected each time, and noise generated from the target image is added to the input image so that it approaches the selected target image. As a result, in the first embodiment, an Adversarial Example suitable for VAE was created, and Adversarial Training of the VAE 151 for the Adversarial Example was realized.

In the first embodiment, an Adversarial Example used for Adversarial Training is generated by randomly selecting a target image each time. As a result, in the embodiment, in order to be able to deal with a wide range of attack variations, VAE learning is performed by generating a wide range of noises in accordance with the attack variations.

Until now, the threat of Adversarial Example to VAE was known, but there was no way to protect against it. In the first embodiment, Adversarial Training can be applied to VAE, and robust VAE can be realized for Adversarial Example.

[Embodiment 2]
FIG. 5 is a visualization diagram of the latent variable space of a normal VAE model and a VAE model that has been subjected to adversarial training using the learning method according to the first embodiment. Figure 5 shows the latent variable space of VAE reduced to two dimensions, and the data is further divided by mark for each class label. As shown in Figure 5, in the latent variable space, the VAE model that has undergone Adversarial Training is different from the conventional normal model in that data with the same tendency is collected and data with different trends is trained differently. I know that there is. In the second embodiment, focusing on this, VAE learning is performed to further increase the distance in the latent variable space between different classes based on the latent variables transformed by VAE.

[Learning device]
FIG. 6 is a diagram schematically showing an example of the configuration of a learning device according to the second embodiment. The learning device 210 according to the second embodiment further includes a modification unit 212, unlike the learning device 10 shown in FIG. Further, the learning device 210 includes a learning section 16 instead of the learning section 16 shown in FIG.

In order to execute learning of the VAE 151 so as to further increase the distance in the latent variable space between different classes, the modification unit 212 adjusts the latent variable space to approach the probability distribution p'(z) as shown in equation (4). Modify the optimization function in equation (3).

The modification unit 212 first obtains a latent variable vector output by a trained normal VAE using equation (1), and obtains a vector obtained by averaging the obtained latent variable vectors for each class. The VAE from which the latent variable vector is acquired may be the VAE 151 of the estimating unit 15 as long as it is a trained VAE that has learned the prior distribution p _θ (z) of the latent variable as a standard Gaussian distribution, or it may be the VAE 151 of the estimation unit 15, or it may be any other VAE. It may be a VAE learned by the device.

The modification unit 212 calculates a vector obtained by averaging the acquired latent variable vectors for each class. The modification unit 212 calculates the average vector of latent variables for each class based on the acquired latent variable vector. The modification unit 212 sets p'(z) of the class to a Gaussian distribution with a variance of 1, in which the average vector for each class is multiplied by α, as shown in Equation (4). In other words, p'(z) has a different probability distribution for each class. Note that unless otherwise specified, α=2.

In this way, the modification unit 212 sets p'(z) for each class. That is, the modification unit 212 modifies equation (3) into an optimization function (formula (4)) that performs processing to change the average of the prior distribution p _θ (z) of the latent variables for each class of images. do.

In the learning unit 216, the parameter updating unit 2161 updates the encoder model parameter φ and the decoder model parameter θ of the VAE 151 using equation (4) modified by the modification unit 212.

[Learning process]
Next, the learning method processing procedure executed by the learning device 210 will be described. FIG. 7 is a flowchart showing the processing procedure of the learning method according to the second embodiment.

As shown in FIG. 7, the modification unit 212 executes learning of the VAE 151 to further increase the distance in the latent variable space between different classes, so that the latent variable space approaches the probability distribution p'(z). , the optimization function is modified as shown in equation (4) (step S11).

Steps S12 to S15 are the same processes as steps S1 to S4 shown in FIG. The parameter update unit 2161 updates the encoder model parameter φ and the decoder model parameter θ of the VAE 151 using equation (4) modified by the modification unit 212 (step S16). Step S17 is the same process as step S6 shown in FIG.

[Verification experiment]
The VAE learned in Embodiments 1 and 2 was actually verified. Table 2 shows the dataset and attack techniques used in the verification experiment.

In the verification experiment, the resistance of the VAE 151 trained using the learning methods according to the first and second embodiments to the Adversarial Example was verified. As described above, the Adversarial Example for VAE converts the reconstructed image into an arbitrary image different from the original image.

A normal VAE trained using equation (1), a VAE trained using the learning method according to Embodiment 1, and a VAE trained using the learning method according to Embodiment 2. Regarding VAE, the accuracy in image classification of reconstructed images was measured. If the model is weak, the reconstructed image will be a different image from the original label, and the classification accuracy will decrease; if the model is robust, the reconstructed image will be the same as the input image, so the true label will be reduced. It can be classified as follows. The experimental results are shown in Table 3.

As shown in Table 3, by performing the Adversarial Training described in Embodiment 1, the classification accuracy was able to be improved more than normal VAE. Furthermore, as described in the second embodiment, VAE that was trained to increase the distance between latent variables between different classes showed the best accuracy.

[Visualization of latent variable space]
FIG. 8 is a visualization diagram of the latent variable space of a normal VAE model and a VAE model that has undergone adversarial training using the learning methods according to the first and second embodiments.

As shown in FIG. 8, the latent variable space of the VAE model that underwent Adversarial Training using the learning method according to Embodiment 2 is different from that of the VAE model that underwent Adversarial Training using the learning method according to Embodiment 1. In comparison, the latent variables of the data are separated by class. Therefore, by performing adversarial training using the learning method according to the second embodiment, latent variables of data can be separated for each class, and classification accuracy can be improved.

[Effects of Embodiment 2]
In this way, in the second embodiment, by performing learning to increase the distance of latent variables between different classes, it is possible to realize a more robust VAE for the Adversarial Example.

[Application example]
FIG. 9 is a diagram showing adaptation of VAE learned using the learning methods according to Embodiments 1 and 2 to the sign classification system.

Self-driving cars use on-board cameras to photograph and recognize road signs, which are then used to control the vehicle. At this time, the image data of the sign captured by the in-vehicle camera is classified as to which sign the image data is by an image classification system using a deep learning model including VAE. If an Adversarial Example attack is carried out against the deep learning model in the traffic sign classification system, it will cause the wrong traffic sign information to be recognized and the vehicle will be controlled based on that information, which could lead to an accident. .

Therefore, such a risk can be prevented by incorporating VAE learned using the learning method according to Embodiments 1 and 2 as a feature extraction function. By incorporating the VAE learned using the learning method according to Embodiments 1 and 2, it is possible to appropriately extract the characteristics of the sign image that were originally desired to be recognized without being influenced by the Adversarial Example. . This makes it possible to prevent the influence of Adversarial Examples on the deep learning model that classifies signs.

[About the system configuration of the embodiment]
Each component of the learning devices 10, 210 is functionally conceptual, and does not necessarily need to be physically configured as illustrated. In other words, the specific form of distributing and integrating the functions of the learning devices 10 and 210 is not limited to what is shown in the drawings, and all or part of them can be functionally or It can be physically distributed or integrated.

Further, each process performed in the learning devices 10 and 210 may be implemented in whole or in part by a CPU, a GPU (Graphics Processing Unit), or a program that is analyzed and executed by the CPU or GPU. Moreover, each process performed in the learning devices 10 and 210 may be realized as hardware using wired logic.

Furthermore, among the processes described in the embodiments, all or part of the processes described as being performed automatically can also be performed manually. Alternatively, all or part of the processes described as being performed manually can also be performed automatically using known methods. In addition, the information including the processing procedures, control procedures, specific names, and various data and parameters described above and illustrated can be changed as appropriate, unless otherwise specified.

[program]
FIG. 7 is a diagram showing an example of a computer on which the learning device 10, 210 is realized by executing a program. Computer 1000 includes, for example, a memory 1010 and a CPU 1020. The computer 1000 also includes a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These parts are connected by a bus 1080.

Memory 1010 includes ROM 1011 and RAM 1012. The ROM 1011 stores, for example, a boot program such as BIOS (Basic Input Output System). Hard disk drive interface 1030 is connected to hard disk drive 1090. Disk drive interface 1040 is connected to disk drive 1100. For example, a removable storage medium such as a magnetic disk or an optical disk is inserted into disk drive 1100. Serial port interface 1050 is connected to, for example, mouse 1110 and keyboard 1120. Video adapter 1060 is connected to display 1130, for example.

The hard disk drive 1090 stores, for example, an OS (Operating System) 1091, application programs 1092, program modules 1093, and program data 1094. That is, a program that defines each process of the learning devices 10 and 210 is implemented as a program module 1093 in which code executable by the computer 1000 is written. Program module 1093 is stored in hard disk drive 1090, for example. For example, a program module 1093 for executing processing similar to the functional configuration in the learning device 10 or 210 is stored in the hard disk drive 1090. Note that the hard disk drive 1090 may be replaced by an SSD (Solid State Drive).

Further, the setting data used in the processing of the embodiment described above is stored as program data 1094 in, for example, the memory 1010 or the hard disk drive 1090. Then, the CPU 1020 reads out the program module 1093 and program data 1094 stored in the memory 1010 and the hard disk drive 1090 to the RAM 1012 as necessary and executes them.

Note that the program module 1093 and the program data 1094 are not limited to being stored in the hard disk drive 1090, but may be stored in a removable storage medium, for example, and read by the CPU 1020 via the disk drive 1100 or the like. Alternatively, program module 1093 and program data 1094 may be stored in another computer connected via a network (LAN (Local Area Network), WAN (Wide Area Network), etc.). The program module 1093 and program data 1094 may then be read by the CPU 1020 from another computer via the network interface 1070.

Although the embodiments applying the invention made by the present inventor have been described above, the present invention is not limited to the description and drawings that form part of the disclosure of the present invention according to the present embodiments. That is, all other embodiments, examples, operational techniques, etc. made by those skilled in the art based on this embodiment are included in the scope of the present invention.

10,210 Learning device 11 Image dataset 12 Selection unit 13 Noise generation unit 14 Processing unit 15 Estimation unit 16,216 Learning unit 151 VAE
161, 2161 Parameter update unit 162 End determination unit 212 Modification unit

Claims (7)

an estimating unit that performs estimation using a VAE (Variational AutoEncoder) having an encoder that converts an input image into a low-dimensional latent variable, and a decoder that reconstructs the input image from the latent variable and outputs it as an output image;
a selection unit that selects an original image from a group of images each assigned a class label, and randomly selects an arbitrary target image from the group of images;
a generation unit that generates noise from the target image;
a processing unit that generates a processed image by adding the noise to the original image;
a learning unit that executes the VAE learning using the class label of the original image as a teacher label and the processed image as learning data;
A learning device characterized by having: The generation unit generates the noise by manipulating pixels of the input image so that a latent variable of the input image approaches a latent variable when inputting the target image. The learning device according to claim 1. 3. The learning device according to claim 1, wherein the learning unit learns the VAE to increase the distance in the latent variable space between different classes based on the latent variables transformed by the VAE. 4. The learning unit updates the model parameters of the VAE using an optimization function that performs processing to change the average of the prior distribution of the latent space for each class of images. The learning device described. A vector is calculated by averaging the latent variable vectors output by the trained VAE, which has learned the prior distribution of the latent variable as a standard Gaussian distribution, for each class, and the vector obtained by multiplying the averaged vector for each class by a predetermined number is averaged. 5. The learning device according to claim 4, further comprising a modification unit that sets a Gaussian distribution with a variance of 1 as the prior distribution of the latent variable of the class and modifies the optimization function. A learning method executed by a learning device, comprising:
selecting an original image from a group of images each assigned a class label, and randomly selecting an arbitrary target image from the group of images;
generating noise from the target image;
generating a processed image by adding the noise to the original image;
An encoder that converts an input image into a low-dimensional latent variable using the class label of the original image as a teacher label and the processed image as learning data, and a decoder that reconstructs the input image from the latent variable and outputs it as an output image. A step of executing learning of VAE (Variational AutoEncoder) having
A learning method characterized by including. selecting an original image from a group of images each assigned a class label, and randomly selecting an arbitrary target image from the group of images;
generating noise from the target image;
generating a processed image by adding the noise to the original image;
An encoder that converts an input image into a low-dimensional latent variable using the class label of the original image as a teacher label and the processed image as learning data, and a decoder that reconstructs the input image from the latent variable and outputs it as an output image. a step of performing learning of VAE (Variational AutoEncoder) having
A learning program for making a computer execute

Images