Shape Features Improve General Model Robustness
TL;DR: A unified model to improve model robustness against multiple tasks
Abstract: Recent studies show that convolutional neural networks (CNNs) are vulnerable under various settings, including adversarial examples, backdoor attacks, and distribution shifting. Motivated by the findings that human visual system pays more attention to global structure (e.g., shape) for recognition while CNNs are biased towards local texture features in images, we propose a unified framework EdgeGANRob based on robust edge features to improve the robustness of CNNs in general, which first explicitly extracts shape/structure features from a given image and then reconstructs a new image by refilling the texture information with a trained generative adversarial network (GAN). In addition, to reduce the sensitivity of edge detection algorithm to adversarial perturbation, we propose a robust edge detection approach Robust Canny based on the vanilla Canny algorithm. To gain more insights, we also compare EdgeGANRob with its simplified backbone procedure EdgeNetRob, which performs learning tasks directly on the extracted robust edge features. We find that EdgeNetRob can help boost model robustness significantly but at the cost of the clean model accuracy. EdgeGANRob, on the other hand, is able to improve clean model accuracy compared with EdgeNetRob and without losing the robustness benefits introduced by EdgeNetRob. Extensive experiments show that EdgeGANRob is resilient in different learning tasks under diverse settings.
Keywords: adversarial machine learning, robustness, backdoor attacks
Original Pdf: pdf
4 Replies
Loading