References & Citations
Computer Science > Computer Vision and Pattern Recognition
Title: Defending Against Image Corruptions Through Adversarial Augmentations
(Submitted on 2 Apr 2021 (v1), last revised 16 Dec 2021 (this version, v3))
Abstract: Modern neural networks excel at image classification, yet they remain vulnerable to common image corruptions such as blur, speckle noise or fog. Recent methods that focus on this problem, such as AugMix and DeepAugment, introduce defenses that operate in expectation over a distribution of image corruptions. In contrast, the literature on $\ell_p$-norm bounded perturbations focuses on defenses against worst-case corruptions. In this work, we reconcile both approaches by proposing AdversarialAugment, a technique which optimizes the parameters of image-to-image models to generate adversarially corrupted augmented images. We theoretically motivate our method and give sufficient conditions for the consistency of its idealized version as well as that of DeepAugment. Our classifiers improve upon the state-of-the-art on common image corruption benchmarks conducted in expectation on CIFAR-10-C and improve worst-case performance against $\ell_p$-norm bounded perturbations on both CIFAR-10 and ImageNet.
Submission history
From: Dan Andrei Calian [view email][v1] Fri, 2 Apr 2021 15:16:39 GMT (1882kb,D)
[v2] Tue, 20 Apr 2021 18:30:13 GMT (1882kb,D)
[v3] Thu, 16 Dec 2021 19:50:26 GMT (1598kb,D)
Link back to: arXiv, form interface, contact.