Timezone: »

 
Part-Based Models Improve Adversarial Robustness
Chawin Sitawarin · Kornrapat Pongmala · Yizheng Chen · Nicholas Carlini · David Wagner

@
in Workshop on Machine Learning Safety »

We show that combining human prior knowledge with end-to-end learning can improve the robustness of deep neural networks by introducing a part-based model for object classification. We believe that the richer form of annotation helps guide neural networks to learn more robust features without requiring more samples or larger models. Our model combines a part segmentation model with a tiny classifier and is trained end-to-end to simultaneously segment objects into parts and then classify the segmented object. Empirically, our part-based models achieve both higher accuracy and higher adversarial robustness than a ResNet-50 baseline on all three datasets. For instance, the clean accuracy of our part models is up to 15 percentage points higher than the baseline’s, given the same level of robustness. Our experiments indicate that these models also reduce texture bias and yield better robustness against common corruptions and spurious correlations. The code is publicly available at https://github.com/chawins/adv-part-model.

[ Poster [ Topia

Author Information

Chawin Sitawarin (University of California, Berkeley)
Kornrapat Pongmala (UC Berkeley)
Yizheng Chen (UC Berkeley)
Nicholas Carlini (Google)
David Wagner (University of California Berkeley)

More from the Same Authors