Adversarial Robustness on In- and Out-Distribution Improves Explainability
Augustin, Maximilian, Meinke, Alexander, Hein, Matthias
Neural networks have led to major improvements in image classification but suffer from being non-robust to adversarial changes, unreliable uncertainty estimates on out-distribution samples and their inscrutable black-box decisions. In this work we propose RATIO, a training procedure for Robustness via Adversarial Training on In- and Out-distribution, which leads to robust models with reliable and robust confidence estimates on the out-distribution. RATIO has similar generative properties to adversarial training so that visual counterfactuals produce class specific features. While adversarial training comes at the price of lower clean accuracy, RATIO achieves state-of-the-art $l_2$-adversarial robustness on CIFAR10 and maintains better clean accuracy.
- Country:
- Europe
- Italy > Calabria
- Catanzaro Province > Catanzaro (0.04)
- Germany > Baden-Württemberg
- Tübingen Region > Tübingen (0.04)
- Italy > Calabria
- Asia > Middle East
- Jordan (0.04)
- Europe
- Genre:
- Research Report (0.81)
- Industry:
- Transportation (0.34)
- Technology: