NSA: Naturalistic Support Artifact to Boost Network Confidence

TL;DR

This paper introduces naturalistic support artifacts (NSA), generated with DC-GAN, to enhance the robustness and confidence of visual AI systems against natural corruptions and adversarial attacks without retraining models.

Contribution

The work proposes NSA as a novel, natural-looking artifact method to improve model confidence and robustness in real-world scenarios where model parameters are inaccessible.

Findings

Prediction confidence increased fourfold with NSA.

NSA improved adversarial accuracy by 8%.

Saliency map analysis explains NSA's effectiveness.

Abstract

Visual AI systems are vulnerable to natural and synthetic physical corruption in the real-world. Such corruption often arises unexpectedly and alters the model's performance. In recent years, the primary focus has been on adversarial attacks. However, natural corruptions (e.g., snow, fog, dust) are an omnipresent threat to visual AI systems and should be considered equally important. Many existing works propose interesting solutions to train robust models against natural corruption. These works either leverage image augmentations, which come with the additional cost of model training, or place suspicious patches in the scene to design unadversarial examples. In this work, we propose the idea of naturalistic support artifacts (NSA) for robust prediction. The NSAs are shown to be beneficial in scenarios where model parameters are inaccessible and adding artifacts in the scene is feasible. The NSAs are natural looking objects generated through artifact training using DC-GAN to have high visual fidelity in the scene. We test against natural corruptions on the Imagenette dataset and observe the improvement in prediction confidence score by four times. We also demonstrate NSA's capability to increase adversarial accuracy by 8\% on average. Lastly, we qualitatively analyze NSAs using saliency maps to understand how they help improve prediction confidence.