Is it the model or the metric -- On robustness measures of deeplearning models

TL;DR

This paper examines the effectiveness of robustness metrics for deep learning models, especially in deepfake detection, highlighting that models with similar robust accuracy can have different robustness ratios under perturbations.

Contribution

It introduces the robust ratio (RR) as a new metric to complement robust accuracy (RA) for better robustness assessment of deep learning models.

Findings

RA can be similar across models, but RR reveals differences under perturbations.

RR varies with tolerance levels, indicating different robustness characteristics.

The study emphasizes the importance of multiple metrics for robustness evaluation.

Abstract

Determining the robustness of deep learning models is an established and ongoing challenge within automated decision-making systems. With the advent and success of techniques that enable advanced deep learning (DL), these models are being used in widespread applications, including high-stake ones like healthcare, education, border-control. Therefore, it is critical to understand the limitations of these models and predict their regions of failures, in order to create the necessary guardrails for their successful and safe deployment. In this work, we revisit robustness, specifically investigating the sufficiency of robust accuracy (RA), within the context of deepfake detection. We present robust ratio (RR) as a complementary metric, that can quantify the changes to the normalized or probability outcomes under input perturbation. We present a comparison of RA and RR and demonstrate that despite similar RA between models, the models show varying RR under different tolerance (perturbation) levels.