Enhancing Adversarial Robustness via Test-time Transformation Ensembling
About
Deep learning models are prone to being fooled by imperceptible perturbations known as adversarial attacks. In this work, we study how equipping models with Test-time Transformation Ensembling (TTE) can work as a reliable defense against such attacks. While transforming the input data, both at train and test times, is known to enhance model performance, its effects on adversarial robustness have not been studied. Here, we present a comprehensive empirical study of the impact of TTE, in the form of widely-used image transforms, on adversarial robustness. We show that TTE consistently improves model robustness against a variety of powerful attacks without any need for re-training, and that this improvement comes at virtually no trade-off with accuracy on clean samples. Finally, we show that the benefits of TTE transfer even to the certified robustness domain, in which TTE provides sizable and consistent improvements.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Image Classification | Flowers102 | Clean Accuracy81.6 | 49 | |
| Image Classification | StanfordCars | Clean Accuracy73.4 | 40 | |
| Classification | PCAM | Clean Accuracy54.5 | 39 | |
| Image Classification | CIFAR10 | Clean Accuracy92.3 | 37 | |
| Classification | FGVCAircraft | Robust Accuracy6.23 | 30 | |
| Image Classification | CIFAR100 | Clean Accuracy72.9 | 27 | |
| Image Classification | OxfordPets | Robust Accuracy36 | 27 | |
| Image Classification | Food101 | Clean Accuracy89.8 | 25 | |
| Image Classification | General-ImageNet | Clean Accuracy86.1 | 20 | |
| Image Classification | Country211 | Clean Accuracy26.2 | 20 |