Towards Adversarial Robustness of Model-Level Mixture-of-Experts Architectures for Semantic Segmentation

TL;DR

This paper investigates the adversarial robustness of model-level mixture-of-experts architectures for semantic segmentation, demonstrating that MoEs are generally more resistant to various white-box and transfer adversarial attacks than traditional models.

Contribution

It is the first study to evaluate and show the improved adversarial robustness of MoE architectures in semantic segmentation tasks.

Findings

MoEs are more robust to white-box adversarial attacks

MoEs better withstand transfer attacks

MoEs outperform traditional models in adversarial robustness

Abstract

Vulnerability to adversarial attacks is a well-known deficiency of deep neural networks. Larger networks are generally more robust, and ensembling is one method to increase adversarial robustness: each model's weaknesses are compensated by the strengths of others. While an ensemble uses a deterministic rule to combine model outputs, a mixture of experts (MoE) includes an additional learnable gating component that predicts weights for the outputs of the expert models, thus determining their contributions to the final prediction. MoEs have been shown to outperform ensembles on specific tasks, yet their susceptibility to adversarial attacks has not been studied yet. In this work, we evaluate the adversarial vulnerability of MoEs for semantic segmentation of urban and highway traffic scenes. We show that MoEs are, in most cases, more robust to per-instance and universal white-box adversarial attacks and can better withstand transfer attacks. Our code is available at \url{https://github.com/KASTEL-MobilityLab/mixtures-of-experts/}.