TY - GEN
T1 - Enhancing Adversarial Robustness via Test-time Transformation Ensembling
AU - Perez, Juan C.
AU - Alfarra, Motasem
AU - Jeanneret, Guillaume
AU - Rueda, Laura
AU - Thabet, Ali
AU - Ghanem, Bernard
AU - Arbelaez, Pablo
N1 - Funding Information:
Acknowledgments. This work was partially supported by the King Abdullah University of Science and Technology (KAUST) Office of Sponsored Research.
Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - Deep learning models are prone to being fooled by imperceptible perturbations known as adversarial attacks. In this work, we study how equipping models with Test-time Transformation Ensembling (TTE) can work as a reliable defense against such attacks. While transforming the input data, both at train and test times, is known to enhance model performance, its effects on adversarial robustness have not been studied. Here, we present a comprehensive empirical study of the impact of TTE, in the form of widely-used image transforms, on adversarial robustness. We show that TTE consistently improves model robustness against a variety of powerful attacks without any need for re-training, and that this improvement comes at virtually no trade-off with accuracy on clean samples. Finally, we show that the benefits of TTE transfer even to the certified robustness domain, in which TTE provides sizable and consistent improvements.
AB - Deep learning models are prone to being fooled by imperceptible perturbations known as adversarial attacks. In this work, we study how equipping models with Test-time Transformation Ensembling (TTE) can work as a reliable defense against such attacks. While transforming the input data, both at train and test times, is known to enhance model performance, its effects on adversarial robustness have not been studied. Here, we present a comprehensive empirical study of the impact of TTE, in the form of widely-used image transforms, on adversarial robustness. We show that TTE consistently improves model robustness against a variety of powerful attacks without any need for re-training, and that this improvement comes at virtually no trade-off with accuracy on clean samples. Finally, we show that the benefits of TTE transfer even to the certified robustness domain, in which TTE provides sizable and consistent improvements.
UR - http://www.scopus.com/inward/record.url?scp=85122450860&partnerID=8YFLogxK
U2 - 10.1109/ICCVW54120.2021.00015
DO - 10.1109/ICCVW54120.2021.00015
M3 - Conference contribution
AN - SCOPUS:85122450860
T3 - Proceedings of the IEEE International Conference on Computer Vision
SP - 81
EP - 91
BT - Proceedings - 2021 IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 18th IEEE/CVF International Conference on Computer Vision Workshops, ICCVW 2021
Y2 - 11 October 2021 through 17 October 2021
ER -