Maximilian Augustin, Alexander Meinke, Matthias Hein
Published 2020-03-20Version 1
Neural networks have led to major improvements in image classification but suffer from being non-robust to adversarial changes, unreliable uncertainty estimates on out-distribution samples and their inscrutable black-box decisions. In this work we propose RATIO, a training procedure for Robustness via Adversarial Training on In- and Out-distribution, which leads to robust models with reliable and robust confidence estimates on the out-distribution. RATIO has similar generative properties to adversarial training so that visual counterfactuals produce class specific features. While adversarial training comes at the price of lower clean accuracy, RATIO achieves state-of-the-art $l_2$-adversarial robustness on CIFAR10 and maintains better clean accuracy.
Biologically Inspired Mechanisms for Adversarial Robustness
Bridging the Gap Between Adversarial Robustness and Optimization Bias
A Useful Taxonomy for Adversarial Robustness of Neural Networks
![QR code for arXiv:2003.09461 [cs.LG]](http://oss.arxitics.com/images/favicon.svg)