Killing it with Zero-Shot: Adversarially Robust Novelty Detection

TL;DR

This paper introduces a novel approach combining nearest-neighbor algorithms with robust pretrained features to significantly improve the robustness and performance of novelty detection systems against adversarial attacks.

Contribution

It proposes a new method that integrates robust features from pretrained models into k-NN for enhanced adversarial robustness in novelty detection.

Findings

Outperforms state-of-the-art methods on multiple benchmarks

Demonstrates increased robustness under adversarial conditions

Establishes a new standard for robust novelty detection

Abstract

Novelty Detection (ND) plays a crucial role in machine learning by identifying new or unseen data during model inference. This capability is especially important for the safe and reliable operation of automated systems. Despite advances in this field, existing techniques often fail to maintain their performance when subject to adversarial attacks. Our research addresses this gap by marrying the merits of nearest-neighbor algorithms with robust features obtained from models pretrained on ImageNet. We focus on enhancing the robustness and performance of ND algorithms. Experimental results demonstrate that our approach significantly outperforms current state-of-the-art methods across various benchmarks, particularly under adversarial conditions. By incorporating robust pretrained features into the k-NN algorithm, we establish a new standard for performance and robustness in the field of robust ND. This work opens up new avenues for research aimed at fortifying machine learning systems against adversarial vulnerabilities. Our implementation is publicly available at https://github.com/rohban-lab/ZARND.