Retrieval-Augmented Convolutional Neural Networks for Improved Robustness against Adversarial Examples
This work addresses robustness issues in image classification models, but it appears incremental as it builds on existing mixup and retrieval methods.
The authors tackled the problem of adversarial examples in convolutional neural networks by proposing a retrieval-augmented architecture and local mixup training, resulting in improved robustness against five adversarial attacks on CIFAR-10, SVHN, and ImageNet datasets.
We propose a retrieval-augmented convolutional network and propose to train it with local mixup, a novel variant of the recently proposed mixup algorithm. The proposed hybrid architecture combining a convolutional network and an off-the-shelf retrieval engine was designed to mitigate the adverse effect of off-manifold adversarial examples, while the proposed local mixup addresses on-manifold ones by explicitly encouraging the classifier to locally behave linearly on the data manifold. Our evaluation of the proposed approach against five readily-available adversarial attacks on three datasets--CIFAR-10, SVHN and ImageNet--demonstrate the improved robustness compared to the vanilla convolutional network.