Are Accuracy and Robustness Correlated?

TL;DR

This paper investigates the relationship between accuracy and robustness in deep neural networks, showing that more accurate models tend to be less vulnerable to adversarial attacks and that adversarial examples often transfer between similar models.

Contribution

It provides empirical evidence that improved accuracy correlates with increased robustness and explores adversarial transferability across models.

Findings

Adversarial examples transfer mostly between similar network architectures.

Better models exhibit increased resistance to adversarial attacks.

Transferability of adversarial examples is significant among similar models.

Abstract

Machine learning models are vulnerable to adversarial examples formed by applying small carefully chosen perturbations to inputs that cause unexpected classification errors. In this paper, we perform experiments on various adversarial example generation approaches with multiple deep convolutional neural networks including Residual Networks, the best performing models on ImageNet Large-Scale Visual Recognition Challenge 2015. We compare the adversarial example generation techniques with respect to the quality of the produced images, and measure the robustness of the tested machine learning models to adversarial examples. Finally, we conduct large-scale experiments on cross-model adversarial portability. We find that adversarial examples are mostly transferable across similar network topologies, and we demonstrate that better machine learning models are less vulnerable to adversarial examples.