Evaluating Robustness of Predictive Uncertainty Estimation: Are Dirichlet-based Models Reliable?

TL;DR

This paper critically evaluates the robustness of Dirichlet-based uncertainty models against adversarial attacks, revealing their vulnerabilities and proposing a median smoothing method to enhance their robustness.

Contribution

It provides the first large-scale analysis of DBU models' robustness and introduces a median smoothing approach to improve their resilience against adversarial threats.

Findings

DBU models are not robust in indicating correct/wrong classifications

Uncertainty estimates struggle to detect adversarial examples

Median smoothing significantly improves DBU robustness

Abstract

Dirichlet-based uncertainty (DBU) models are a recent and promising class of uncertainty-aware models. DBU models predict the parameters of a Dirichlet distribution to provide fast, high-quality uncertainty estimates alongside with class predictions. In this work, we present the first large-scale, in-depth study of the robustness of DBU models under adversarial attacks. Our results suggest that uncertainty estimates of DBU models are not robust w.r.t. three important tasks: (1) indicating correctly and wrongly classified samples; (2) detecting adversarial examples; and (3) distinguishing between in-distribution (ID) and out-of-distribution (OOD) data. Additionally, we explore the first approaches to make DBU models more robust. While adversarial training has a minor effect, our median smoothing based approach significantly increases robustness of DBU models.