Do Perceptually Aligned Gradients Imply Adversarial Robustness?
This work addresses the problem of understanding and improving adversarial robustness in machine learning models, offering a novel perspective by focusing on gradient alignment as a standalone trait.
The paper investigates whether Perceptually Aligned Gradients (PAG) imply adversarial robustness in classifiers, finding that models with aligned gradients exhibit significant robustness across multiple datasets and architectures, and leveraging this to enhance existing adversarial training techniques.
Adversarially robust classifiers possess a trait that non-robust models do not -- Perceptually Aligned Gradients (PAG). Their gradients with respect to the input align well with human perception. Several works have identified PAG as a byproduct of robust training, but none have considered it as a standalone phenomenon nor studied its own implications. In this work, we focus on this trait and test whether \emph{Perceptually Aligned Gradients imply Robustness}. To this end, we develop a novel objective to directly promote PAG in training classifiers and examine whether models with such gradients are more robust to adversarial attacks. Extensive experiments on multiple datasets and architectures validate that models with aligned gradients exhibit significant robustness, exposing the surprising bidirectional connection between PAG and robustness. Lastly, we show that better gradient alignment leads to increased robustness and harness this observation to boost the robustness of existing adversarial training techniques.