AugRmixAT: A Data Processing and Training Method for Improving Multiple Robustness and Generalization Performance

TL;DR

This paper introduces AugRmixAT, a novel data processing and training approach that enhances multiple robustness types and generalization in neural networks without sacrificing performance on unperturbed data.

Contribution

AugRmixAT is a new method that simultaneously improves neural network robustness to various perturbations and maintains high generalization performance.

Findings

Improves robustness to adversarial attacks, noise, and occlusion.

Enhances generalization on unperturbed data.

Validated on CIFAR-10/100 and Tiny-ImageNet datasets.

Abstract

Deep neural networks are powerful, but they also have shortcomings such as their sensitivity to adversarial examples, noise, blur, occlusion, etc. Moreover, ensuring the reliability and robustness of deep neural network models is crucial for their application in safety-critical areas. Much previous work has been proposed to improve specific robustness. However, we find that the specific robustness is often improved at the sacrifice of the additional robustness or generalization ability of the neural network model. In particular, adversarial training methods significantly hurt the generalization performance on unperturbed data when improving adversarial robustness. In this paper, we propose a new data processing and training method, called AugRmixAT, which can simultaneously improve the generalization ability and multiple robustness of neural network models. Finally, we validate the effectiveness of AugRmixAT on the CIFAR-10/100 and Tiny-ImageNet datasets. The experiments demonstrate that AugRmixAT can improve the model's generalization performance while enhancing the white-box robustness, black-box robustness, common corruption robustness, and partial occlusion robustness.