Robust Principles: Architectural Design Principles for Adversarially Robust CNNs
ShengYun Peng (Georgia Institute of Technology),* Weilin Xu (Intel), Cory Cornelius (Intel Corporation), Matthew Hull (Georgia Institute of Technology), Kevin Li (Georgia Institute of Technology), Rahul Duggal (Georgia Tech), Mansi Phute (Georgia Institute of Technology), Jason Martin (Intel Corporation), Duen Horng Chau (Georgia Institute of Technology)
The 34th British Machine Vision Conference
Abstract
We aim to unify existing works' diverging opinions on how architectural components affect the adversarial robustness of CNNs. To accomplish our goal, we synthesize a suite of three generalizable robust architectural design principles: (a) optimal range for depth and width configurations, (b) preferring convolutional over patchify stem stage, and (c) robust residual block design through adopting squeeze and excitation blocks and non-parametric smooth activation functions. Through extensive experiments across a wide spectrum of dataset scales, adversarial training methods, model parameters, and network design spaces, our principles consistently and markedly improve AutoAttack accuracy: 1-3 percentage points (pp) on CIFAR-10 and CIFAR-100, and 4-9 pp on ImageNet. The code is publicly available at https://github.com/poloclub/robust-principles.Video
Citation
@inproceedings{Peng_2023_BMVC,
author = {ShengYun Peng and Weilin Xu and Cory Cornelius and Matthew Hull and Kevin Li and Rahul Duggal and Mansi Phute and Jason Martin and Duen Horng Chau},
title = {Robust Principles: Architectural Design Principles for Adversarially Robust CNNs},
booktitle = {34th British Machine Vision Conference 2023, {BMVC} 2023, Aberdeen, UK, November 20-24, 2023},
publisher = {BMVA},
year = {2023},
url = {https://papers.bmvc2023.org/0739.pdf}
}
Copyright © 2023
The British Machine Vision Conference is organised by