Part-Based Models Improve Adversarial Robustness
This addresses the problem of adversarial vulnerability in AI systems for computer vision, offering a method that enhances robustness without requiring more data or larger models, though it appears incremental as it builds on existing part-based and segmentation approaches.
The paper tackles improving adversarial robustness in deep neural networks for object classification by introducing a part-based model that combines human prior knowledge with end-to-end learning, resulting in up to 15 percentage points higher clean accuracy than a ResNet-50 baseline at the same robustness level.
We show that combining human prior knowledge with end-to-end learning can improve the robustness of deep neural networks by introducing a part-based model for object classification. We believe that the richer form of annotation helps guide neural networks to learn more robust features without requiring more samples or larger models. Our model combines a part segmentation model with a tiny classifier and is trained end-to-end to simultaneously segment objects into parts and then classify the segmented object. Empirically, our part-based models achieve both higher accuracy and higher adversarial robustness than a ResNet-50 baseline on all three datasets. For instance, the clean accuracy of our part models is up to 15 percentage points higher than the baseline's, given the same level of robustness. Our experiments indicate that these models also reduce texture bias and yield better robustness against common corruptions and spurious correlations. The code is publicly available at https://github.com/chawins/adv-part-model.