A Systematic Review of Robustness in Deep Learning for Computer Vision: Mind the gap?

TL;DR

This systematic review highlights the significant gap in non-adversarial robustness of deep learning models for computer vision, emphasizing the need for clearer definitions and targeted strategies to improve performance under natural image corruptions.

Contribution

The paper provides a comprehensive analysis of non-adversarial robustness, introduces a causal framework for understanding it, and identifies key techniques for enhancing model resilience.

Findings

Robustness research in computer vision is less developed than adversarial ML.

Models degrade significantly under natural image corruptions, similar to adversarial attacks.

Key strategies include architecture choices, data augmentation, and optimization methods.

Abstract

Deep neural networks for computer vision are deployed in increasingly safety-critical and socially-impactful applications, motivating the need to close the gap in model performance under varied, naturally occurring imaging conditions. Robustness, ambiguously used in multiple contexts including adversarial machine learning, refers here to preserving model performance under naturally-induced image corruptions or alterations. We perform a systematic review to identify, analyze, and summarize current definitions and progress towards non-adversarial robustness in deep learning for computer vision. We find this area of research has received disproportionately less attention relative to adversarial machine learning, yet a significant robustness gap exists that manifests in performance degradation similar in magnitude to adversarial conditions. Toward developing a more transparent definition of robustness, we provide a conceptual framework based on a structural causal model of the data generating process and interpret non-adversarial robustness as pertaining to a model's behavior on corrupted images corresponding to low-probability samples from the unaltered data distribution. We identify key architecture-, data augmentation-, and optimization tactics for improving neural network robustness. This robustness perspective reveals that common practices in the literature correspond to causal concepts. We offer perspectives on how future research may mind this evident and significant non-adversarial robustness gap.