MixedNUTS: Training-Free Accuracy-Robustness Balance via Nonlinearly Mixed Classifiers
This addresses the problem of balancing accuracy and robustness for real-life applications of machine learning models, offering a training-free solution that is incremental over existing ensemble approaches.
The paper tackles the trade-off between adversarial robustness and clean accuracy in classification models by proposing MixedNUTS, a training-free ensemble method that nonlinearly mixes classifiers' logits. It achieves a 7.86-point boost in clean accuracy on CIFAR-100 with only a 0.87-point drop in robust accuracy.
Adversarial robustness often comes at the cost of degraded accuracy, impeding real-life applications of robust classification models. Training-based solutions for better trade-offs are limited by incompatibilities with already-trained high-performance large models, necessitating the exploration of training-free ensemble approaches. Observing that robust models are more confident in correct predictions than in incorrect ones on clean and adversarial data alike, we speculate amplifying this "benign confidence property" can reconcile accuracy and robustness in an ensemble setting. To achieve so, we propose "MixedNUTS", a training-free method where the output logits of a robust classifier and a standard non-robust classifier are processed by nonlinear transformations with only three parameters, which are optimized through an efficient algorithm. MixedNUTS then converts the transformed logits into probabilities and mixes them as the overall output. On CIFAR-10, CIFAR-100, and ImageNet datasets, experimental results with custom strong adaptive attacks demonstrate MixedNUTS's vastly improved accuracy and near-SOTA robustness -- it boosts CIFAR-100 clean accuracy by 7.86 points, sacrificing merely 0.87 points in robust accuracy.