Treating Adversarial and Natural Noise Equally: Building a Robust Network for Unified Resilience

Download PDF

TMLR Paper1597 Authors

19 Sept 2023 (modified: 15 Jan 2024)Rejected by TMLREveryoneRevisionsBibTeX
Abstract: The susceptibility of deep recognition algorithms to image degradation exacerbates the disparity between their performance and the resilience of human perception. Such degradations can either be deliberately crafted or naturally occurring. Although both categories of corruption yield similar adverse effects, existing literature has typically treated them separately. We contend that addressing these degradations separately is not conducive to the development of a universally secure and robust system. In this research, we address both types of image degradation, referred to as common corruptions and adversarial perturbations, within a unified framework termed as the URoNet. The proposed framework encompasses the following aspects: (i) detecting degraded samples, (ii) mitigating the impact of these degradations, and (iii) establishing potential connections between different forms of degradation. This research introduces a universal framework that employs the URoNET to protect deep learning algorithms from both common/natural and adversarial corruptions. We emphasize the significance not only of the degradations themselves but also of their severity, as they can widen variations within and between classes. Extensive experiments are conducted on various datasets and degradation scenarios, encompassing both seen and unseen settings, to illustrate the effectiveness of the proposed framework.
Submission Length: Long submission (more than 12 pages of main content)
Changes Since Last Submission: We would like to express our gratitude to the editor for affording us the opportunity to address the concerns raised by the reviewers. In response to their feedback, we have meticulously revised the paper and implemented the following significant changes: * Updated the paper's title to accurately reflect its scope, as suggested by one of the reviewers. * Conducted a thorough proofreading of the manuscript and included additional explanations clarifying the meaning of key concepts, including 'degradations,' and elucidated the motivation behind the proposed detection and noise remover network. * Expanded the comparative analysis with several state-of-the-art defense algorithms designed to handle adversarial perturbations and common corruptions, as shown in Tables 11 and 14.
Assigned Action Editor: ~Kuldeep_S._Meel2
Submission Number: 1597