TY - JOUR
T1 - Property analysis of adversarially robust representation
AU - Fukuhara, Yoshihiro
AU - Itazuri, Takahiro
AU - Kataoka, Hirokatsu
AU - Morishima, Shigeo
N1 - Publisher Copyright:
© 2021 Japan Society for Precision Engineering. All rights reserved.
PY - 2021/1/5
Y1 - 2021/1/5
N2 - In this paper, we address the open question: "What do adversarially robust models look at?" Recently, it has been reported in many works that there exists the trade-off between standard accuracy and adversarial robustness. According to prior works, this trade-off is rooted in the fact that adversarially robust and standard accurate models might depend on very different sets of features. However, it has not been well studied what kind of difference actually exists. In this paper, we analyze this difference through various experiments visually and quantitatively. Experimental results show that adversarially robust models look at things at a larger scale than standard models and pay less attention to fine textures. Furthermore, although it has been claimed that adversarially robust features are not compatible with standard accuracy, there is even a positive effect by using them as pre-trained models particularly in low resolution datasets.
AB - In this paper, we address the open question: "What do adversarially robust models look at?" Recently, it has been reported in many works that there exists the trade-off between standard accuracy and adversarial robustness. According to prior works, this trade-off is rooted in the fact that adversarially robust and standard accurate models might depend on very different sets of features. However, it has not been well studied what kind of difference actually exists. In this paper, we analyze this difference through various experiments visually and quantitatively. Experimental results show that adversarially robust models look at things at a larger scale than standard models and pay less attention to fine textures. Furthermore, although it has been claimed that adversarially robust features are not compatible with standard accuracy, there is even a positive effect by using them as pre-trained models particularly in low resolution datasets.
KW - Adversarial examples
KW - Adversarial robustness
KW - Interpret ability
KW - Robust representation
KW - Trade-off between accuracy and robustness
UR - http://www.scopus.com/inward/record.url?scp=85100066891&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85100066891&partnerID=8YFLogxK
U2 - 10.2493/jjspe.87.83
DO - 10.2493/jjspe.87.83
M3 - Article
AN - SCOPUS:85100066891
SN - 0912-0289
VL - 87
SP - 83
EP - 91
JO - Seimitsu Kogaku Kaishi/Journal of the Japan Society for Precision Engineering
JF - Seimitsu Kogaku Kaishi/Journal of the Japan Society for Precision Engineering
IS - 1
ER -