Rethinking Clustering for Robustness
Motasem Alfarra, Juan C. Pérez, Adel Bibi, Ali Thabet, Pablo Arbeláez, Bernard Ghanem

TL;DR
This paper introduces ClusTR, a clustering-based training framework that enhances neural network robustness without adversarial training, outperforming traditional methods under strong attacks by leveraging semantic features.
Contribution
It provides a robustness certificate for clustering models and proposes ClusTR, a novel adversary-free training method that improves robustness by aligning features semantically.
Findings
ClusTR outperforms adversarial training by up to 4% under PGD attacks.
Provides a tight robustness certificate for clustering-based classifiers.
Establishes a connection from semantic features to robustness in neural networks.
Abstract
This paper studies how encouraging semantically-aligned features during deep neural network training can increase network robustness. Recent works observed that Adversarial Training leads to robust models, whose learnt features appear to correlate with human perception. Inspired by this connection from robustness to semantics, we study the complementary connection: from semantics to robustness. To do so, we provide a robustness certificate for distance-based classification models (clustering-based classifiers). Moreover, we show that this certificate is tight, and we leverage it to propose ClusTR (Clustering Training for Robustness), a clustering-based and adversary-free training framework to learn robust models. Interestingly, ClusTR outperforms adversarially-trained networks by up to under strong PGD attacks.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Domain Adaptation and Few-Shot Learning
