Adversarially Robust Classifier with Covariate Shift Adaptation. (arXiv:2102.05096v1 [cs.LG])

Existing adversarially trained models typically perform inference on test
examples independently from each other. This mode of testing is unable to
handle covariate shift in the test samples. Due to this, the performance of
these models often degrades significantly. In this paper, we show that simple
adaptive batch normalization (BN) technique that involves re-estimating the
batch-normalization parameters during inference, can significantly improve the
robustness of these models for any random perturbations, including the Gaussian
noise. This simple finding enables us to transform adversarially trained models
into randomized smoothing classifiers to produce certified robustness to
$ell_2$ noise. We show that we can achieve $ell_2$ certified robustness even
for adversarially trained models using $ell_{infty}$-bounded adversarial
examples. We further demonstrate that adaptive BN technique significantly
improves robustness against common corruptions, while often enhancing
performance against adversarial attacks. This enables us to achieve both
adversarial and corruption robustness for the same classifier.

Source: https://arxiv.org/abs/2102.05096

webmaster

Related post