Rethinking Clustering for Robustness
This work addresses robustness in machine learning models, offering a novel adversary-free method that achieves state-of-the-art results, though it is incremental in building on existing connections between semantics and robustness.
The paper tackles the problem of improving deep neural network robustness by leveraging semantically-aligned features, proposing a clustering-based training framework called ClusTR that outperforms adversarially-trained networks by up to 4% under strong PGD attacks.
This paper studies how encouraging semantically-aligned features during deep neural network training can increase network robustness. Recent works observed that Adversarial Training leads to robust models, whose learnt features appear to correlate with human perception. Inspired by this connection from robustness to semantics, we study the complementary connection: from semantics to robustness. To do so, we provide a robustness certificate for distance-based classification models (clustering-based classifiers). Moreover, we show that this certificate is tight, and we leverage it to propose ClusTR (Clustering Training for Robustness), a clustering-based and adversary-free training framework to learn robust models. Interestingly, ClusTR outperforms adversarially-trained networks by up to 4% under strong PGD attacks.
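The abstract states that a robustness certificate exists for distance-based classifiers and that it is tight, but does not give its form. The following is an added illustration, not code from the paper and not a claim about the exact statement the paper proves: it implements the standard triangle-inequality certificate for a nearest-centroid classifier under the l2 metric (one concrete distance-based classification model), checks it against random perturbations inside the certified ball, and then shows constructively that the bound cannot be improved in general by placing the input on the segment between its own centroid and the nearest centroid of another class, where a perturbation of exactly the certified radius reaches the decision boundary. The centroids, labels and test point are constructed for the example. One caveat for practitioners: if the distances are measured on learned features rather than raw inputs, the radius holds in feature space, and carrying it back to the input requires a Lipschitz bound on the feature map, which this example does not cover.

```python
"""Added illustration (not the paper's code): the triangle-inequality
robustness certificate for a nearest-centroid (distance-based) classifier
in the l2 metric, a sampling check inside the certified ball, and a
constructive tightness check along the worst-case direction."""
import math
import random

# Constructed example data (assumption, not from the paper): two classes,
# class 0 owns centroids 0 and 2, class 1 owns centroid 1.
CENTROIDS = [(0.0, 0.0), (4.0, 0.0), (0.0, 5.0)]
LABELS = [0, 1, 0]
# Test point placed on the segment between centroid 0 and centroid 1,
# which is the configuration in which the certificate is exactly tight.
X0 = (1.0, 0.0)


def l2(a, b):
    """Euclidean distance between two points given as sequences."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def predict(x, centroids, labels):
    """Assign x the label of its nearest centroid (ties go to the lowest index)."""
    d = [l2(x, c) for c in centroids]
    return labels[min(range(len(centroids)), key=lambda i: d[i])]


def certified_radius(x, centroids, labels):
    """Radius r such that every x' with ||x' - x||_2 < r keeps predict(x)'s label.

    By the triangle inequality, every centroid distance moves by at most
    ||x' - x|| when x moves to x'. The nearest own-class centroid therefore
    stays strictly nearer than every other-class centroid as long as
    ||x' - x|| < (d_other - d_own) / 2.
    """
    d = [l2(x, c) for c in centroids]
    own = min(range(len(centroids)), key=lambda i: d[i])
    d_own = d[own]
    d_other = min(d[i] for i in range(len(centroids)) if labels[i] != labels[own])
    return (d_other - d_own) / 2.0


def step_toward(x, target, step):
    """Move x by l2 length `step` along the direction from x to target."""
    dist = l2(x, target)
    return [xi + step * (ti - xi) / dist for xi, ti in zip(x, target)]


def random_perturbations_keep_label(x, centroids, labels, n=500, seed=0):
    """Sample n perturbations of norm 0.99 * r in random directions and report
    whether all of them keep the unperturbed label (the certificate says yes)."""
    rng = random.Random(seed)
    r = certified_radius(x, centroids, labels)
    base = predict(x, centroids, labels)
    for _ in range(n):
        direction = [rng.gauss(0.0, 1.0) for _ in x]
        norm = math.sqrt(sum(v * v for v in direction))
        x_adv = [xi + 0.99 * r * v / norm for xi, v in zip(x, direction)]
        if predict(x_adv, centroids, labels) != base:
            return False
    return True


def tightness_check(x, centroids, labels, eps=1e-6):
    """Walk from x toward the nearest other-class centroid.

    Returns the labels seen just inside and just outside the certified radius.
    When x lies on the segment joining its own centroid and that other-class
    centroid, the label flips exactly at r, so the certificate is tight there.
    """
    r = certified_radius(x, centroids, labels)
    own = predict(x, centroids, labels)
    others = [i for i in range(len(centroids)) if labels[i] != own]
    j = min(others, key=lambda i: l2(x, centroids[i]))
    inside = predict(step_toward(x, centroids[j], r - eps), centroids, labels)
    outside = predict(step_toward(x, centroids[j], r + eps), centroids, labels)
    return inside, outside


if __name__ == "__main__":
    r = certified_radius(X0, CENTROIDS, LABELS)
    print("prediction:", predict(X0, CENTROIDS, LABELS))
    print("certified l2 radius:", r)
    print("all sampled perturbations inside r keep the label:",
          random_perturbations_keep_label(X0, CENTROIDS, LABELS))
    print("(label at r - eps, label at r + eps):",
          tightness_check(X0, CENTROIDS, LABELS))
```

For the constructed point, the nearest own-class centroid is at distance 1 and the nearest other-class centroid at distance 3, so the certified radius is 1: stepping 1 - eps toward the other-class centroid keeps class 0, stepping 1 + eps flips to class 1. For a point off the segment, the flip along that direction happens later than r, which is why the certificate is a worst-case bound rather than the exact margin of every input.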