Brain-inspired reverse adversarial examples
This addresses robustness issues in safety-critical systems by enhancing model generalization, though it is incremental as it builds on existing adversarial example research.
The paper tackles the fragility of deep learning models to adversarial examples by proposing a reverse adversarial examples method inspired by human brain mechanisms, which improves accuracy by an average of 19.02% on unseen data transformations and up to 30.78% for compressed models.
A human does not have to see all elephants to recognize an animal as an elephant. On contrast, current state-of-the-art deep learning approaches heavily depend on the variety of training samples and the capacity of the network. In practice, the size of network is always limited and it is impossible to access all the data samples. Under this circumstance, deep learning models are extremely fragile to human-imperceivable adversarial examples, which impose threats to all safety critical systems. Inspired by the association and attention mechanisms of the human brain, we propose reverse adversarial examples method that can greatly improve models' robustness on unseen data. Experiments show that our reverse adversarial method can improve accuracy on average 19.02% on ResNet18, MobileNet, and VGG16 on unseen data transformation. Besides, the proposed method is also applicable to compressed models and shows potential to compensate the robustness drop brought by model quantization - an absolute 30.78% accuracy improvement.