Adversarial and Natural Perturbations for General Robustness
This work addresses the problem of balancing robustness against different perturbation types for machine learning practitioners, though it is incremental in nature.
The paper investigates the general robustness of neural network classifiers by comparing adversarial and natural perturbations, finding that adversarial training improves adversarial robustness but reduces performance on natural perturbations and clean images, while natural perturbations enhance both natural and adversarial robustness without harming clean accuracy.
In this paper we aim to explore the general robustness of neural network classifiers by utilizing adversarial as well as natural perturbations. Different from previous works which mainly focus on studying the robustness of neural networks against adversarial perturbations, we also evaluate their robustness on natural perturbations before and after robustification. After standardizing the comparison between adversarial and natural perturbations, we demonstrate that although adversarial training improves the performance of the networks against adversarial perturbations, it leads to drop in the performance for naturally perturbed samples besides clean samples. In contrast, natural perturbations like elastic deformations, occlusions and wave does not only improve the performance against natural perturbations, but also lead to improvement in the performance for the adversarial perturbations. Additionally they do not drop the accuracy on the clean images.