Training on Foveated Images Improves Robustness to Adversarial Attacks

TL;DR

Training neural networks on foveated images that mimic peripheral vision reduces their vulnerability to adversarial attacks and other corruptions, leading to significantly improved robustness.

Contribution

This paper introduces \\RBlur, a novel image transformation simulating peripheral vision, and demonstrates that training on such images enhances DNN robustness against adversarial and corruptive perturbations.

Findings

DNNs trained on \\RBlur images are more robust to adversarial attacks.

Training on foveated images improves accuracy on corrupted data.

Up to 25% higher accuracy on perturbed datasets.

Abstract

Deep neural networks (DNNs) have been shown to be vulnerable to adversarial attacks -- subtle, perceptually indistinguishable perturbations of inputs that change the response of the model. In the context of vision, we hypothesize that an important contributor to the robustness of human visual perception is constant exposure to low-fidelity visual stimuli in our peripheral vision. To investigate this hypothesis, we develop \RBlur, an image transform that simulates the loss in fidelity of peripheral vision by blurring the image and reducing its color saturation based on the distance from a given fixation point. We show that compared to DNNs trained on the original images, DNNs trained on images transformed by \RBlur are substantially more robust to adversarial attacks, as well as other, non-adversarial, corruptions, achieving up to 25\% higher accuracy on perturbed data.