Enhancing Adversarial Robustness via Test-time Transformation Ensembling
About
Deep learning models are prone to being fooled by imperceptible perturbations known as adversarial attacks. In this work, we study how equipping models with Test-time Transformation Ensembling (TTE) can work as a reliable defense against such attacks. While transforming the input data, both at train and test times, is known to enhance model performance, its effects on adversarial robustness have not been studied. Here, we present a comprehensive empirical study of the impact of TTE, in the form of widely-used image transforms, on adversarial robustness. We show that TTE consistently improves model robustness against a variety of powerful attacks without any need for re-training, and that this improvement comes at virtually no trade-off with accuracy on clean samples. Finally, we show that the benefits of TTE transfer even to the certified robustness domain, in which TTE provides sizable and consistent improvements.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Image Classification | FGVCAircraft | Accuracy20.19 | 261 | |
| Image Classification | StanfordCars | Robust Accuracy26.6 | 91 | |
| Image Classification | CIFAR10 | Accuracy84.74 | 91 | |
| Image Classification | Caltech256 | Accuracy (Clean)82.49 | 69 | |
| Zero-shot Classification | CIFAR100 | -- | 65 | |
| Zero-shot Classification | CIFAR10 | Top-1 Clean Acc85.5 | 62 | |
| Image Classification | OxfordPets | Robust Accuracy50.33 | 57 | |
| Image Classification | Flowers102 | Clean Accuracy81.6 | 49 | |
| Image Classification | Food101 | Robust Accuracy43.94 | 49 | |
| Classification | PCAM | Clean Accuracy54.5 | 39 |