CV · LG · Dec 16, 2024

Towards Adversarial Robustness of Model-Level Mixture-of-Experts Architectures for Semantic Segmentation

arXiv:2412.11608v1 · 7 citations · h-index: 13 · Has Code · ICMLA

Originality: Synthesis-oriented
AI Analysis

This work addresses adversarial robustness for semantic segmentation in autonomous driving, but it is incremental as it applies an existing method to a new problem.

The paper investigates the adversarial vulnerability of mixture-of-experts (MoE) architectures for semantic segmentation in urban and highway traffic scenes, finding that MoEs are generally more robust to various white-box and transfer attacks compared to ensembles.

Vulnerability to adversarial attacks is a well-known deficiency of deep neural networks. Larger networks are generally more robust, and ensembling is one method to increase adversarial robustness: each model's weaknesses are compensated by the strengths of others. While an ensemble uses a deterministic rule to combine model outputs, a mixture of experts (MoE) includes an additional learnable gating component that predicts weights for the outputs of the expert models, thus determining their contributions to the final prediction. MoEs have been shown to outperform ensembles on specific tasks, yet their susceptibility to adversarial attacks has not been studied yet. In this work, we evaluate the adversarial vulnerability of MoEs for semantic segmentation of urban and highway traffic scenes. We show that MoEs are, in most cases, more robust to per-instance and universal white-box adversarial attacks and can better withstand transfer attacks. Our code is available at https://github.com/KASTEL-MobilityLab/mixtures-of-experts/.

Code Implementations: 1 repo