Enhancing Multiple Reliability Measures via Nuisance-extended Information Bottleneck
This addresses robustness issues in machine learning models for scenarios with limited data, though it appears incremental as it builds on existing information bottleneck and adversarial training methods.
The paper tackles the problem of models co-adapting to non-generalizable shortcut signals in limited training data, which leads to fragility under distribution shifts, and proposes a method that improves robustness across multiple reliability measures, such as advancing novelty detection AUROC from 78.4% to 87.2% on a benchmark.
In practical scenarios where training data is limited, many predictive signals in the data can be rather from some biases in data acquisition (i.e., less generalizable), so that one cannot prevent a model from co-adapting on such (so-called) "shortcut" signals: this makes the model fragile in various distribution shifts. To bypass such failure modes, we consider an adversarial threat model under a mutual information constraint to cover a wider class of perturbations in training. This motivates us to extend the standard information bottleneck to additionally model the nuisance information. We propose an autoencoder-based training to implement the objective, as well as practical encoder designs to facilitate the proposed hybrid discriminative-generative training concerning both convolutional- and Transformer-based architectures. Our experimental results show that the proposed scheme improves robustness of learned representations (remarkably without using any domain-specific knowledge), with respect to multiple challenging reliability measures. For example, our model could advance the state-of-the-art on a recent challenging OBJECTS benchmark in novelty detection by $78.4\% \rightarrow 87.2\%$ in AUROC, while simultaneously enjoying improved corruption, background and (certified) adversarial robustness. Code is available at https://github.com/jh-jeong/nuisance_ib.