Interpretability-Guided Test-Time Adversarial Defense
Akshay Kulkarni, Tsui-Wei Weng

TL;DR
This paper introduces a training-free, interpretability-guided test-time adversarial defense that enhances robustness and accuracy with minimal computational cost, outperforming existing methods across multiple datasets and attack types.
Contribution
It presents a novel interpretability-guided neuron importance ranking method for test-time defense, improving robustness-accuracy tradeoff without additional training.
Findings
4x faster than previous defenses
Significant robustness improvements on CIFAR and ImageNet
Effective against diverse attack types
Abstract
We propose a novel and low-cost test-time adversarial defense by devising interpretability-guided neuron importance ranking methods to identify neurons important to the output classes. Our method is a training-free approach that can significantly improve the robustness-accuracy tradeoff while incurring minimal computational overhead. While being among the most efficient test-time defenses (4x faster), our method is also robust to a wide range of black-box, white-box, and adaptive attacks that break previous test-time defenses. We demonstrate the efficacy of our method for CIFAR10, CIFAR100, and ImageNet-1k on the standard RobustBench benchmark (with average gains of 2.6%, 4.9%, and 2.8% respectively). We also show improvements (average 1.5%) over the state-of-the-art test-time defenses even under strong adaptive attacks.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Fault Detection and Control Systems
