Killing it with Zero-Shot: Adversarially Robust Novelty Detection
This addresses the need for more robust novelty detection in automated systems, though it is incremental as it builds on existing techniques.
The paper tackles the problem of novelty detection failing under adversarial attacks by combining nearest-neighbor algorithms with robust pretrained features, resulting in significantly outperforming state-of-the-art methods across benchmarks, especially in adversarial conditions.
Novelty Detection (ND) plays a crucial role in machine learning by identifying new or unseen data during model inference. This capability is especially important for the safe and reliable operation of automated systems. Despite advances in this field, existing techniques often fail to maintain their performance when subject to adversarial attacks. Our research addresses this gap by marrying the merits of nearest-neighbor algorithms with robust features obtained from models pretrained on ImageNet. We focus on enhancing the robustness and performance of ND algorithms. Experimental results demonstrate that our approach significantly outperforms current state-of-the-art methods across various benchmarks, particularly under adversarial conditions. By incorporating robust pretrained features into the k-NN algorithm, we establish a new standard for performance and robustness in the field of robust ND. This work opens up new avenues for research aimed at fortifying machine learning systems against adversarial vulnerabilities. Our implementation is publicly available at https://github.com/rohban-lab/ZARND.