We show that there exists an inherent tension between the goal of adversarial
robustness and that of standard generalization. Specifically, training robust
models may not only be more resource-consuming, but also lead to a reduction of
standard accuracy. We demonstrate that this trade-off between the standard
accuracy of a model and its robustness to adversarial perturbations provably
exists even in a fairly simple and natural setting. These findings also
corroborate a similar phenomenon observed in practice. Further, we argue that
this phenomenon is a consequence of robust classifiers learning fundamentally
different feature representations than standard classifiers. These differences,
in particular, seem to result in unexpected benefits: the representations
learned by robust models tend to align better with salient data characteristics
and human perception.
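
The abstract claims the trade-off provably exists even in a fairly simple and natural setting. As an illustration only (the construction below is a hypothetical toy example assumed for this note, not code or constants taken from the paper), the following numpy sketch sets up a distribution with one strongly-correlated "robust" feature and many weakly-correlated "non-robust" features; the values 0.95, eta, eps, n, and d are illustrative choices.

# Hypothetical toy illustration of the robustness/accuracy trade-off described
# in the abstract. The distribution is an assumption chosen for clarity:
# one robust feature plus many weakly-correlated features.
import numpy as np

rng = np.random.default_rng(0)
n, d, eta, eps = 10_000, 100, 0.2, 0.4   # samples, weak features, correlation, l_inf budget

y = rng.choice([-1.0, 1.0], size=n)
x_robust = y * np.where(rng.random(n) < 0.95, 1.0, -1.0)   # agrees with the label 95% of the time
x_weak = rng.normal(eta * y[:, None], 1.0, size=(n, d))    # each feature only weakly informative

def accuracy(scores, labels):
    return np.mean(np.sign(scores) == labels)

# "Standard" classifier: average the many weak features -> high clean accuracy.
std_scores = x_weak.mean(axis=1)
# "Robust" classifier: rely on the single robust feature alone.
rob_scores = x_robust

# Worst-case l_inf perturbation of size eps shifts every weak feature against the
# label, which is enough to flip the averaged score whenever eps > eta.
std_scores_adv = (x_weak - eps * y[:, None]).mean(axis=1)
# A perturbation with eps < 1 cannot flip the sign of the +/-1 robust feature.
rob_scores_adv = x_robust - eps * y

print(f"standard model: clean {accuracy(std_scores, y):.2f}, adversarial {accuracy(std_scores_adv, y):.2f}")
print(f"robust model:   clean {accuracy(rob_scores, y):.2f}, adversarial {accuracy(rob_scores_adv, y):.2f}")

Under these assumptions, averaging the weak features gives near-perfect clean accuracy but collapses under a small l_inf perturbation, while the classifier that uses only the robust feature caps clean accuracy at roughly 95% yet is unaffected by the same perturbation, mirroring the tension the abstract describes.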
Description
[1805.12152] Robustness May Be at Odds with Accuracy
%0 Journal Article
%1 tsipras2018robustness
%A Tsipras, Dimitris
%A Santurkar, Shibani
%A Engstrom, Logan
%A Turner, Alexander
%A Madry, Aleksander
%D 2018
%K adversarial readings robustness
%T Robustness May Be at Odds with Accuracy
%U http://arxiv.org/abs/1805.12152
%X We show that there exists an inherent tension between the goal of adversarial
robustness and that of standard generalization. Specifically, training robust
models may not only be more resource-consuming, but also lead to a reduction of
standard accuracy. We demonstrate that this trade-off between the standard
accuracy of a model and its robustness to adversarial perturbations provably
exists even in a fairly simple and natural setting. These findings also
corroborate a similar phenomenon observed in practice. Further, we argue that
this phenomenon is a consequence of robust classifiers learning fundamentally
different feature representations than standard classifiers. These differences,
in particular, seem to result in unexpected benefits: the representations
learned by robust models tend to align better with salient data characteristics
and human perception.
@article{tsipras2018robustness,
abstract = {We show that there exists an inherent tension between the goal of adversarial
robustness and that of standard generalization. Specifically, training robust
models may not only be more resource-consuming, but also lead to a reduction of
standard accuracy. We demonstrate that this trade-off between the standard
accuracy of a model and its robustness to adversarial perturbations provably
exists even in a fairly simple and natural setting. These findings also
corroborate a similar phenomenon observed in practice. Further, we argue that
this phenomenon is a consequence of robust classifiers learning fundamentally
different feature representations than standard classifiers. These differences,
in particular, seem to result in unexpected benefits: the representations
learned by robust models tend to align better with salient data characteristics
and human perception.},
added-at = {2019-06-11T05:55:56.000+0200},
author = {Tsipras, Dimitris and Santurkar, Shibani and Engstrom, Logan and Turner, Alexander and Madry, Aleksander},
biburl = {https://www.bibsonomy.org/bibtex/213ed51434b74448cc9b2b15070109df0/kirk86},
description = {[1805.12152] Robustness May Be at Odds with Accuracy},
interhash = {4874c477d0bf0d5cec3a928ebedc6f88},
intrahash = {13ed51434b74448cc9b2b15070109df0},
keywords = {adversarial readings robustness},
note = {cite arxiv:1805.12152},
timestamp = {2019-09-26T15:45:39.000+0200},
title = {Robustness May Be at Odds with Accuracy},
url = {http://arxiv.org/abs/1805.12152},
year = 2018
}