The literature on robustness towards common corruptions shows no consensus on whether adversarial training can improve the performance in this setting. First, we show that, when used with an appropriately selected perturbation radius, $\ell_p$ adversarial training can serve as a strong baseline against common corruptions. Then we explain why adversarial training performs better than data augmentation with simple Gaussian noise which has been observed to be a meaningful baseline on common corruptions. Related to this, we identify the $\sigma$-overfitting phenomenon when Gaussian augmentation overfits to a particular standard deviation used for training which has a significant detrimental effect on common corruption accuracy. We discuss how to alleviate this problem and then how to further enhance $\ell_p$ adversarial training by introducing an efficient relaxation of adversarial training with learned perceptual image patch similarity as the distance metric. Through experiments on CIFAR-10 and ImageNet-100, we show that our approach does not only improve the $\ell_p$ adversarial training baseline but also has cumulative gains with data augmentation methods such as AugMix, ANT, and SIN leading to state-of-the-art performance on common corruptions. The code of our experiments is publicly available at https://github.com/tml-epfl/adv-training-corruptions.
翻译:关于针对常见腐败的稳健性强的文献表明,对于对抗性培训是否能够提高在这一背景下的绩效,我们没有共识。 首先,我们表明,如果在适当选择的扰动半径范围内使用,则美元/美元/美元/美元/美元/美元/美元/美元/美元的对抗性培训可以作为对付常见腐败的有力基准。然后我们解释为什么对抗性培训比数据增强要好,而简单的高斯语噪音被认为是关于常见腐败的有意义的基线。与此相关的,我们确定,当高西语培训的扩大超过对通用腐败准确性有重大不利影响的特定标准偏差时,那么在使用该培训时,美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元/美元