Poster
Invariance-inducing regularization using worst-case transformations suffices to boost accuracy and spatial robustness
Fanny Yang · Zuowen Wang · Christina Heinze-Deml
East Exhibition Hall B + C #17
Keywords: [ Deep Learning -> Optimization for Deep Networks; Theory ] [ Regularization ] [ Adversarial Learning ] [ Algorithms ]
This work provides theoretical and empirical evidence that invariance-inducing regularizers can increase predictive accuracy for worst-case spatial transformations (spatial robustness). Evaluated on these adversarially transformed examples, standard and adversarial training with such regularizers achieves a relative error reduction of 20% for CIFAR-10 with the same computational budget. This even surpasses handcrafted spatial-equivariant networks. Furthermore, we observe for SVHN, known to have inherent variance in orientation, that robust training also improves standard accuracy on the test set. We prove that this no-trade-off phenomenon holds for adversarial examples from transformation groups.
Live content is unavailable. Log in and register to view live content