ClustTR: Clustering Training for Robustness

06/13/2020

∙

This paper studies how encouraging semantically-aligned features during deep neural network training can increase network robustness. Recent works observed that Adversarial Training leads to robust models, whose learnt features appear to correlate with human perception. Inspired by this connection from robustness to semantics, we study the complementary connection: from semantics to robustness. To do so, we provide a tight robustness certificate for distance-based classification models (clustering-based classifiers), which we leverage to propose ClusTR (Clustering Training for Robustness), a clustering-based and adversary-free training framework to learn robust models. Interestingly, ClusTR outperforms adversarially-trained networks by up to 4% under strong PGD attacks. Moreover, it can be equipped with simple and fast adversarial training to improve the current state-of-the-art in robustness by 16%-29% on CIFAR10, SVHN, and CIFAR100.

READ FULL TEXT

ClustTR: Clustering Training for Robustness

Semantic Robustness of Models of Source Code

Improving Adversarial Robustness by Enforcing Local and Global Compactness

Towards Understanding Fast Adversarial Training

Adversarial Robustness through Local Linearization

On the Benefits of Models with Perceptually-Aligned Gradients

ROMark: A Robust Watermarking System Using Adversarial Training

Last Layer Re-Training is Sufficient for Robustness to Spurious Correlations

ClustTR: Clustering Training for Robustness

Related Research

Semantic Robustness of Models of Source Code

Improving Adversarial Robustness by Enforcing Local and Global Compactness

Towards Understanding Fast Adversarial Training

Adversarial Robustness through Local Linearization

On the Benefits of Models with Perceptually-Aligned Gradients

ROMark: A Robust Watermarking System Using Adversarial Training

Last Layer Re-Training is Sufficient for Robustness to Spurious Correlations