A Robust Adversarial Ensemble with Causal (Feature Interaction) Interpretations for Image Classification
This paper addresses the problem of adversarial robustness in image classification for AI safety, though it appears incremental, since it builds on existing ensemble and generative methods.
The paper tackles the vulnerability of deep learning classifiers to adversarial examples by proposing a deep ensemble model that combines discriminative and generative components, achieving, on CIFAR-10 and CIFAR-100, superior robustness against white-box attacks without adversarial training.
Deep learning-based discriminative classifiers, despite their remarkable success, remain vulnerable to adversarial examples that can mislead model predictions. While adversarial training can enhance robustness, it fails to address the intrinsic vulnerability stemming from the opaque nature of these black-box models. We present a deep ensemble model that combines discriminative features with generative models to achieve both high accuracy and adversarial robustness. Our approach integrates a bottom-level pre-trained discriminative network for feature extraction with a top-level generative classification network that models adversarial input distributions through a deep latent variable model. Using variational Bayes, our model achieves superior robustness against white-box adversarial attacks without adversarial training. Extensive experiments on CIFAR-10 and CIFAR-100 demonstrate our model's superior adversarial robustness. Through evaluations using counterfactual metrics and feature interaction-based metrics, we establish correlations between model interpretability and adversarial robustness. Additionally, preliminary results on Tiny-ImageNet validate our approach's scalability to more complex datasets, offering a practical solution for developing robust image classification models.
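The abstract describes the architecture at a high level: a frozen bottom-level feature extractor feeding a top-level generative classifier, evaluated under white-box perturbations. The following added example (written for this page, not code from the paper or its authors) makes that split concrete on a toy scale so a practitioner can see what is actually being compared. It assumes two-dimensional Gaussian "features" constructed inline as a stand-in for the extractor's output, a discriminative head (logistic regression) beside a generative head (class-conditional Gaussians fitted by maximum likelihood, a deliberate simplification of the paper's deep latent variable model trained with variational Bayes), and a single-step sign-gradient perturbation as the white-box robustness probe. Both heads expose the same `logit`/`logit_grad` interface so the evaluation harness is shared; the numbers it prints are for this toy only and say nothing about the paper's CIFAR results.

```python
import math
import random

# Constructed toy "feature" data: two classes, each a Gaussian blob in 2-D.
# These stand in for the outputs of a frozen bottom-level feature extractor;
# the paper's CIFAR features are of course far higher-dimensional.
def make_features(n_per_class=200, seed=0):
    rng = random.Random(seed)
    xs, ys = [], []
    for label, mean in enumerate([(-2.0, 0.0), (2.0, 0.0)]):
        for _ in range(n_per_class):
            xs.append([rng.gauss(mean[0], 1.0), rng.gauss(mean[1], 1.0)])
            ys.append(label)
    return xs, ys

def sigmoid(z):
    # Numerically stable logistic function.
    return 1.0 / (1.0 + math.exp(-z)) if z >= 0 else math.exp(z) / (1.0 + math.exp(z))

class DiscriminativeHead:
    """Logistic regression fitted by gradient descent: models p(y|x) directly."""
    def __init__(self):
        self.w, self.b = [0.0, 0.0], 0.0

    def fit(self, xs, ys, lr=0.1, epochs=300):
        n = len(xs)
        for _ in range(epochs):
            gw, gb = [0.0, 0.0], 0.0
            for x, y in zip(xs, ys):
                err = sigmoid(self.logit(x)) - y  # d(cross-entropy)/d(logit)
                gw[0] += err * x[0]
                gw[1] += err * x[1]
                gb += err
            self.w = [self.w[i] - lr * gw[i] / n for i in range(2)]
            self.b -= lr * gb / n
        return self

    def logit(self, x):
        return self.w[0] * x[0] + self.w[1] * x[1] + self.b

    def logit_grad(self, x):
        # Derivative of the logit w.r.t. the input: just the weight vector.
        return list(self.w)

class GenerativeHead:
    """Class-conditional Gaussians with a shared diagonal variance, fitted by
    maximum likelihood (hypothetical stand-in for the paper's latent variable
    model, which is fitted with variational Bayes). Classifies via Bayes' rule."""
    def fit(self, xs, ys):
        counts = [0, 0]
        self.mu = [[0.0, 0.0], [0.0, 0.0]]
        for x, y in zip(xs, ys):
            counts[y] += 1
            self.mu[y][0] += x[0]
            self.mu[y][1] += x[1]
        for c in range(2):
            self.mu[c] = [m / counts[c] for m in self.mu[c]]
        self.var = [0.0, 0.0]
        for x, y in zip(xs, ys):
            for d in range(2):
                self.var[d] += (x[d] - self.mu[y][d]) ** 2
        self.var = [v / len(xs) for v in self.var]
        self.log_prior = [math.log(counts[c] / len(xs)) for c in range(2)]
        return self

    def _log_lik(self, x, c):
        return sum(-((x[d] - self.mu[c][d]) ** 2) / (2.0 * self.var[d])
                   - 0.5 * math.log(2.0 * math.pi * self.var[d]) for d in range(2))

    def logit(self, x):
        # log p(y=1|x) - log p(y=0|x), the evidence terms cancel.
        return ((self._log_lik(x, 1) + self.log_prior[1])
                - (self._log_lik(x, 0) + self.log_prior[0]))

    def logit_grad(self, x):
        # Linear in x because the variance is shared across classes.
        return [(self.mu[1][d] - self.mu[0][d]) / self.var[d] for d in range(2)]

def _sign(v):
    return (v > 0) - (v < 0)

def predict(model, x):
    return 1 if model.logit(x) >= 0.0 else 0

def worst_case_perturbation(model, x, y, eps):
    """White-box, single-step L-infinity perturbation of size eps: each coordinate
    moves in the direction that increases the cross-entropy loss for the true
    label y. The loss gradient w.r.t. x is (p - y) times the logit gradient."""
    err = sigmoid(model.logit(x)) - y
    return [xd + eps * _sign(err * gd) for xd, gd in zip(x, model.logit_grad(x))]

def accuracy(model, xs, ys, eps=0.0):
    correct = 0
    for x, y in zip(xs, ys):
        x_eval = worst_case_perturbation(model, x, y, eps) if eps > 0 else x
        correct += predict(model, x_eval) == y
    return correct / len(xs)

def robustness_report(eps=1.0, seed=0):
    """Fit both heads on one constructed sample, evaluate clean and perturbed
    accuracy on a held-out sample drawn with a different seed."""
    train_x, train_y = make_features(seed=seed)
    test_x, test_y = make_features(seed=seed + 1)
    heads = {"discriminative": DiscriminativeHead().fit(train_x, train_y),
             "generative": GenerativeHead().fit(train_x, train_y)}
    return {name: {"clean": accuracy(h, test_x, test_y),
                   "adversarial": accuracy(h, test_x, test_y, eps)}
            for name, h in heads.items()}

if __name__ == "__main__":
    for name, r in robustness_report().items():
        print(f"{name:15s} clean={r['clean']:.3f} adversarial={r['adversarial']:.3f}")
```

Because both heads have logits that are linear in the input, the perturbation can only lower a point's true-class logit, so perturbed accuracy is never above clean accuracy; that monotonicity is what the harness relies on when reporting the robustness gap. Swapping the generative head for a real latent variable model fitted with variational Bayes (as the paper does) would require replacing `logit_grad` with a gradient through the inference network, but the evaluation loop would stay the same.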