LG CR CV | Jul 29, 2021

Enhancing Adversarial Robustness via Test-time Transformation Ensembling

arXiv:2107.14110v1 | 38 citations
Originality: Incremental advance
AI Analysis

The paper addresses the vulnerability of deep learning models to adversarial examples with a practical defense that needs no retraining; it is incremental in that it builds on input-transformation techniques already in common use.

The paper studies Test-time Transformation Ensembling (TTE) as a defense against adversarial attacks on deep learning models, showing that it consistently improves robustness against a range of attacks without retraining and with minimal loss of accuracy on clean samples, and that the benefit carries over to certified robustness.

Deep learning models are prone to being fooled by imperceptible perturbations known as adversarial attacks. In this work, we study how equipping models with Test-time Transformation Ensembling (TTE) can work as a reliable defense against such attacks. While transforming the input data, both at train and test times, is known to enhance model performance, its effects on adversarial robustness have not been studied. Here, we present a comprehensive empirical study of the impact of TTE, in the form of widely-used image transforms, on adversarial robustness. We show that TTE consistently improves model robustness against a variety of powerful attacks without any need for re-training, and that this improvement comes at virtually no trade-off with accuracy on clean samples. Finally, we show that the benefits of TTE transfer even to the certified robustness domain, in which TTE provides sizable and consistent improvements.
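The mechanism the abstract describes is simple to state: keep the trained model as it is, run it on several transformed copies of the input at inference time, and average the outputs. The toy below is an added illustration, not code from the paper or its repository. It stands in a 4x4 linear "classifier" (constructed weights, single logit) for a network so that every quantity can be checked by hand, uses flips and one-pixel shifts as the transforms, and measures how much a one-step L_inf sign-gradient perturbation (FGSM-style) reduces the margin toward the correct class. Two attackers are compared: one that differentiates only the base model (transform-unaware) and one that differentiates through the ensemble. The model, transforms, sample image and epsilon are all assumptions of this example; the paper's architectures, transform sets and attacks are not reproduced.

```python
import random

# Toy stand-in for an image classifier: a linear scorer over a 4x4 grayscale
# "image" (decision rule: logit > 0 -> class 1). Constructed so that the TTE
# arithmetic is transparent; this is not the paper's CNN setup.
H, W = 4, 4
_rng = random.Random(0)
WEIGHTS = [[_rng.uniform(-1.0, 1.0) for _ in range(W)] for _ in range(H)]  # constructed
BIAS = 0.1


def base_logit(x):
    """Base model f(x): a single logit for one HxW image given as a list of rows."""
    return sum(w * v for wr, xr in zip(WEIGHTS, x) for w, v in zip(wr, xr)) + BIAS


# Test-time transforms: each maps an image to an image of the same shape.
def identity(x):
    return [row[:] for row in x]


def hflip(x):
    return [row[::-1] for row in x]


def shift_right(x):
    return [row[-1:] + row[:-1] for row in x]


def shift_left(x):
    return [row[1:] + row[:1] for row in x]


FLIP_SET = [identity, hflip]                          # closed under flipping
FULL_SET = [identity, hflip, shift_right, shift_left]  # assumed transform set


def tte_logit(x, model=base_logit, transforms=FULL_SET):
    """Test-time Transformation Ensembling: run the unchanged model on every
    transformed copy of x and average the outputs. Nothing is retrained."""
    outs = [model(t(x)) for t in transforms]
    return sum(outs) / len(outs)


def tte_gradient(transforms=FULL_SET):
    """Exact input gradient of the (linear) TTE model via one-hot probes. This is
    what a transform-aware attacker obtains by differentiating through the ensemble."""
    zero = [[0.0] * W for _ in range(H)]
    g0 = tte_logit(zero, transforms=transforms)
    grad = [[0.0] * W for _ in range(H)]
    for r in range(H):
        for c in range(W):
            probe = [row[:] for row in zero]
            probe[r][c] = 1.0
            grad[r][c] = tte_logit(probe, transforms=transforms) - g0
    return grad


def fgsm(x, grad, label, eps):
    """One-step L_inf attack: move every pixel by eps in the direction of the
    gradient sign that pushes the logit away from `label`."""
    direction = -1.0 if label == 1 else 1.0
    sgn = lambda g: (g > 0) - (g < 0)
    return [[v + direction * eps * sgn(g) for g, v in zip(gr, xr)]
            for gr, xr in zip(grad, x)]


def margin(model, x, label):
    """Signed margin toward `label`; positive means classified as `label`."""
    return model(x) if label == 1 else -model(x)


def sample_image():
    """Constructed clean input: a bright vertical bar in the two left columns."""
    return [[1.0, 1.0, 0.0, 0.0] for _ in range(H)]


def demo(eps=0.1):
    x = sample_image()
    label = 1 if base_logit(x) > 0 else 0  # assume the base model is right on clean x
    # Transform-unaware attacker: gradient of the base model is just WEIGHTS.
    x_adv_base = fgsm(x, WEIGHTS, label, eps)
    # Transform-aware attacker: gradient taken through the ensemble.
    x_adv_tte = fgsm(x, tte_gradient(), label, eps)
    fs = FLIP_SET
    return {
        "base_drop": margin(base_logit, x, label) - margin(base_logit, x_adv_base, label),
        "tte_drop": margin(tte_logit, x, label) - margin(tte_logit, x_adv_base, label),
        "tte_adaptive_drop": margin(tte_logit, x, label) - margin(tte_logit, x_adv_tte, label),
        # With only the identity transform TTE is exactly the base model.
        "identity_matches_base": tte_logit(x, transforms=[identity]) == base_logit(x),
        # {identity, hflip} is closed under flipping, so the ensemble cannot tell x from hflip(x).
        "flip_invariant": tte_logit(hflip(x), transforms=fs) == tte_logit(x, transforms=fs),
    }


if __name__ == "__main__":
    print(demo())
```

For a linear model the arithmetic is provable: the transform-unaware step costs the base model exactly eps times the L1 norm of its weights, while each transformed copy loses at most that much, so the ensemble's margin drops by no more than the base model's. The last result is the caveat a practitioner should carry into any evaluation: an attacker who puts the transforms inside the gradient loop is, by construction, at least as effective against the ensemble as one who ignores them, so robustness numbers should be reported against attacks that see the test-time transforms.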

Code Implementations: 1 repo
Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.
