Robust Neural Architecture Search
This addresses the robustness-accuracy tradeoff in NAS for machine learning practitioners, though it appears incremental as it builds on existing robust NAS methods.
The paper tackles the problem of Neural Architecture Search (NAS) models being vulnerable to attacks by proposing Robust Neural Architecture Search (RNAS), which balances accuracy and robustness through a regularization term and uses noise examples to reduce search costs. Experiments show RNAS achieves state-of-the-art performance on image classification and adversarial attacks.
Neural Architectures Search (NAS) becomes more and more popular over these years. However, NAS-generated models tends to suffer greater vulnerability to various malicious attacks. Lots of robust NAS methods leverage adversarial training to enhance the robustness of NAS-generated models, however, they neglected the nature accuracy of NAS-generated models. In our paper, we propose a novel NAS method, Robust Neural Architecture Search (RNAS). To design a regularization term to balance accuracy and robustness, RNAS generates architectures with both high accuracy and good robustness. To reduce search cost, we further propose to use noise examples instead adversarial examples as input to search architectures. Extensive experiments show that RNAS achieves state-of-the-art (SOTA) performance on both image classification and adversarial attacks, which illustrates the proposed RNAS achieves a good tradeoff between robustness and accuracy.