Dropping Pixels for Adversarial Robustness
This paper addresses the problem of adversarial robustness in deep learning models, offering a method that improves robustness without adversarial training; it is incremental in that it builds on existing subsampling techniques.
The paper tackles the vulnerability of deep neural networks to adversarial examples by training and testing with randomly subsampled images at high drop rates, resulting in significant robustness improvements against L0, L2, and L_inf perturbations while only slightly reducing standard accuracy.
Deep neural networks are vulnerable to adversarial examples. In this paper, we propose to train and test the networks with randomly subsampled images with high drop rates. We show that this approach significantly improves robustness against adversarial examples in all cases of bounded L0, L2 and L_inf perturbations, while reducing the standard accuracy by a small amount. We argue that subsampling pixels can be thought of as providing a set of robust features for the input image and, thus, improves robustness without performing adversarial training.
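The following is an added example, not code from the paper: it applies random pixel dropping at a high drop rate and measures how much of a fixed perturbation still reaches the network input in the L0, L2 and L_inf norms. Assumptions not stated on the page: dropped pixels are set to 0, the mask keeps a fixed number of uniformly chosen pixels, the image is a flattened grayscale array, and all function names and sample values are constructed for illustration.

```python
import random

def drop_mask(n_pixels, drop_rate, rng):
    """0/1 keep-mask with a fixed number of kept pixels, chosen uniformly."""
    n_keep = round(n_pixels * (1.0 - drop_rate))
    keep = set(rng.sample(range(n_pixels), n_keep))
    return [1 if i in keep else 0 for i in range(n_pixels)]

def subsample(image, mask):
    """Assumption: dropped pixels are set to 0; kept pixels are unchanged."""
    return [px * m for px, m in zip(image, mask)]

def norms(delta):
    """Return (L0, L2, L_inf) of a flattened perturbation."""
    l0 = sum(1 for d in delta if d != 0)
    l2 = sum(d * d for d in delta) ** 0.5
    linf = max((abs(d) for d in delta), default=0.0)
    return l0, l2, linf

def surviving_perturbation(clean, adv, drop_rate, trials=2000, seed=0):
    """Mean (L0, L2, L_inf) of the perturbation left after random dropping."""
    rng = random.Random(seed)
    totals = [0.0, 0.0, 0.0]
    for _ in range(trials):
        mask = drop_mask(len(clean), drop_rate, rng)
        seen_clean, seen_adv = subsample(clean, mask), subsample(adv, mask)
        delta = [a - c for a, c in zip(seen_adv, seen_clean)]
        for i, value in enumerate(norms(delta)):
            totals[i] += value
    return tuple(t / trials for t in totals)

def constructed_pair(n_pixels=1024, n_changed=20, seed=1):
    """Constructed sample: flat grey 32x32 image plus an L0 perturbation."""
    rng = random.Random(seed)
    clean = [0.5] * n_pixels
    adv = list(clean)
    for i in rng.sample(range(n_pixels), n_changed):
        adv[i] = 1.0  # each changed pixel moves by 0.5
    return clean, adv

if __name__ == "__main__":
    clean, adv = constructed_pair()
    full = norms([a - c for a, c in zip(adv, clean)])
    print("no dropping   L0=%d L2=%.3f Linf=%.3f" % full)
    for rate in (0.5, 0.9):
        print("drop rate %.1f L0=%.2f L2=%.3f Linf=%.3f"
              % ((rate,) + surviving_perturbation(clean, adv, rate)))
```

The measurement covers only a perturbation fixed before the mask is drawn; it says nothing about the accuracy of a trained model, which the paper evaluates separately.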