Towards Building More Robust Models with Frequency Bias

TL;DR

This paper introduces a Frequency Preference Control Module that adaptively manages frequency components in neural network features, enhancing robustness against adversarial attacks across various models and datasets.

Contribution

It proposes a novel plug-and-play module for better frequency utilization in robust learning, overcoming limitations of previous low-pass filtering methods.

Findings

Improves model robustness in adversarial training.

Easily integrated into existing frameworks.

Provides insights into frequency bias effects.

Abstract

The vulnerability of deep neural networks to adversarial samples has been a major impediment to their broad applications, despite their success in various fields. Recently, some works suggested that adversarially-trained models emphasize the importance of low-frequency information to achieve higher robustness. While several attempts have been made to leverage this frequency characteristic, they have all faced the issue that applying low-pass filters directly to input images leads to irreversible loss of discriminative information and poor generalizability to datasets with distinct frequency features. This paper presents a plug-and-play module called the Frequency Preference Control Module that adaptively reconfigures the low- and high-frequency components of intermediate feature representations, providing better utilization of frequency in robust learning. Empirical studies show that our proposed module can be easily incorporated into any adversarial training framework, further improving model robustness across different architectures and datasets. Additionally, experiments were conducted to examine how the frequency bias of robust models impacts the adversarial training process and its final robustness, revealing interesting insights.