Treating Adversarial and Natural Noise Equally: Building a Robust Network for Unified Resilience

TMLR Paper3672 Authors

12 Nov 2024 (modified: 21 Nov 2024), Under review for TMLR, CC BY 4.0
Abstract: The susceptibility of deep recognition algorithms to image degradation exacerbates the disparity between their performance and the resilience of human perception. Such degradations can either be deliberately crafted or naturally occurring. Although both categories of corruption yield similar adverse effects, existing literature has typically treated them separately. We contend that addressing these degradations separately is not conducive to the development of a universally secure and robust system. In this research, we address both types of image degradation, referred to as common corruptions and adversarial perturbations, within a unified framework termed URoNet. The proposed framework encompasses the following aspects: (i) detecting degraded samples, (ii) mitigating the impact of these degradations, and (iii) establishing potential connections between different forms of degradation. This research introduces a universal framework that employs URoNet to protect deep learning algorithms from both common/natural and adversarial corruptions. We emphasize the significance not only of the degradations themselves but also of their severity, as they can widen variations within and between classes. Extensive experiments are conducted on various datasets and degradation scenarios, encompassing both seen and unseen settings, to illustrate the effectiveness of the proposed framework.
Submission Length: Long submission (more than 12 pages of main content)
Previous TMLR Submission Url: https://openreview.net/forum?id=d6yTn3p0x0&referrer=%5BAuthor%20Console%5D(%2Fgroup%3Fid%3DTMLR%2FAuthors%23your-submissions)
Changes Since Last Submission: We would like to express our gratitude to the editor for allowing us to address the concerns raised by the reviewers. In response to their feedback, we have meticulously revised the paper and implemented the following significant changes:
1. We would like to highlight that the proposed novel multi-task encoder-encoder + classification architecture not only detects corruption but also mitigates the impact of corruption to enhance recognition performance. Apart from that, the distinction between the proposed work and several existing works is highlighted in the paper and the response document.
2. Conducted a thorough proofreading of the manuscript and included additional explanations clarifying the meaning of key concepts, including 'degradations,' and elucidated the motivation behind the proposed detection and noise remover network.
3. Expanded the comparative analysis with several state-of-the-art defense algorithms designed to handle adversarial perturbations and common corruptions, as shown in Tables 11 and 14.
Assigned Action Editor: ~Blake_Aaron_Richards1
Submission Number: 3672