Boosting Adversarial Robustness and Generalization with Structural Prior
Zhichao Hou, Weizhi Gao, Hamid Krim, Xiaorui Liu

TL;DR
This paper introduces Elastic Dictionary Learning Networks (EDLNets), a new ResNet architecture that incorporates structural prior to significantly improve adversarial robustness and generalization, supported by theoretical analysis and extensive experiments.
Contribution
It proposes EDLNets, the first architecture leveraging structural prior to reliably enhance robustness against adaptive attacks, validated through theoretical and empirical evidence.
Findings
EDLNets outperform state-of-the-art models on robustness benchmarks.
Structural prior effectively enhances robustness under adaptive attacks.
Theoretical analysis confirms the robustness improvements.
Abstract
This work investigates a novel approach to boost adversarial robustness and generalization by incorporating structural prior into the design of deep learning models. Specifically, our study surprisingly reveals that existing dictionary learning-inspired convolutional neural networks (CNNs) provide a false sense of security against adversarial attacks. To address this, we propose Elastic Dictionary Learning Networks (EDLNets), a novel ResNet architecture that significantly enhances adversarial robustness and generalization. This novel and effective approach is supported by a theoretical robustness analysis using influence functions. Moreover, extensive and reliable experiments demonstrate consistent and significant performance improvement on open robustness leaderboards such as RobustBench, surpassing state-of-the-art baselines. To the best of our knowledge, this is the first work to…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Fault Detection and Control Systems · Anomaly Detection Techniques and Applications
Methods: Max Pooling · Convolution · Average Pooling · Global Average Pooling · Kaiming Initialization
