Towards Adversarial Robustness of Deep Vision Algorithms

TL;DR

This paper discusses the vulnerability of deep vision algorithms to adversarial attacks and explores methods to evaluate and improve their robustness, including new evaluation tools and robustification techniques, while also examining their generalization to real-world noise.

Contribution

It introduces the ObsAtk evaluation method, develops robustification techniques like HAT, TisODE, and CIFS, and investigates the link between adversarial robustness and domain generalization in deep vision models.

Findings

ObsAtk effectively evaluates denoiser robustness.

Proposed methods improve model robustness against adversarial attacks.

Robust denoisers can handle unseen real-world noise types.

Abstract

Deep learning methods have achieved great success in solving computer vision tasks, and they have been widely utilized in artificially intelligent systems for image processing, analysis, and understanding. However, deep neural networks have been shown to be vulnerable to adversarial perturbations in input data. The security issues of deep neural networks have thus come to the fore. It is imperative to study the adversarial robustness of deep vision algorithms comprehensively. This talk focuses on the adversarial robustness of image classification models and image denoisers. We will discuss the robustness of deep vision algorithms from three perspectives: 1) robustness evaluation (we propose the ObsAtk to evaluate the robustness of denoisers), 2) robustness improvement (HAT, TisODE, and CIFS are developed to robustify vision models), and 3) the connection between adversarial robustness and generalization capability to new domains (we find that adversarially robust denoisers can deal with unseen types of real-world noise).