Are Adversarial Robustness and Common Perturbation Robustness Independent Attributes ?
This addresses the problem of understanding and improving neural network robustness for AI safety and reliability, but it is incremental as it builds on existing robustness studies.
The paper investigates whether adversarial robustness and robustness to common perturbations (e.g., blur, noise) are independent attributes in neural networks, finding that they are indeed independent and that enhancing robustness to selected common perturbations improves resilience to unseen ones.
Neural Networks have been shown to be sensitive to common perturbations such as blur, Gaussian noise, rotations, etc. They are also vulnerable to some artificial malicious corruptions called adversarial examples. The adversarial examples study has recently become very popular and it sometimes even reduces the term "adversarial robustness" to the term "robustness". Yet, we do not know to what extent the adversarial robustness is related to the global robustness. Similarly, we do not know if a robustness to various common perturbations such as translations or contrast losses for instance, could help with adversarial corruptions. We intend to study the links between the robustnesses of neural networks to both perturbations. With our experiments, we provide one of the first benchmark designed to estimate the robustness of neural networks to common perturbations. We show that increasing the robustness to carefully selected common perturbations, can make neural networks more robust to unseen common perturbations. We also prove that adversarial robustness and robustness to common perturbations are independent. Our results make us believe that neural network robustness should be addressed in a broader sense.