Over the last few years, the phenomenon of \emph{adversarial examples} --- maliciously constructed inputs that fool trained machine learning models --- has captured the attention of the research community, especially when restricted to small modifications of a correctly handled input. Less surprisingly, image classifiers also lack human-level performance on randomly corrupted images, such as images with additive Gaussian noise. In this paper we provide both empirical and theoretical evidence that these are two manifestations of the same underlying phenomenon, and therefore the adversarial robustness and corruption robustness research programs are closely related. This suggests that improving adversarial robustness should go hand in hand with improving performance in the presence of more general and realistic image corruptions. This yields a computationally tractable evaluation metric for defenses to consider: test error in noisy image distributions.

Related Events (a corresponding poster, oral, or spotlight)

• 2019 Oral: Adversarial Examples Are a Natural Consequence of Test Error in Noise »
  Wed. Jun 12th 06:25 -- 06:30 PM Room Room 104

More from the Same Authors

• 2021 Poster: Learn2Hop: Learned Optimization on Rough Landscapes »
  Amil Merchant · Luke Metz · Samuel Schoenholz · Ekin Dogus Cubuk
• 2021 Spotlight: Learn2Hop: Learned Optimization on Rough Landscapes »
  Amil Merchant · Luke Metz · Samuel Schoenholz · Ekin Dogus Cubuk
• 2020 : Keynote #5 Justin Gilmer »
  Justin Gilmer
• 2020 Poster: Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations »
  Florian Tramer · Jens Behrmann · Nicholas Carlini · Nicolas Papernot · Joern-Henrik Jacobsen
• 2019 Workshop: Uncertainty and Robustness in Deep Learning »
  Sharon Yixuan Li · Dan Hendrycks · Thomas Dietterich · Balaji Lakshminarayanan · Justin Gilmer
• 2019 Poster: Imperceptible, Robust, and Targeted Adversarial Examples for Automatic Speech Recognition »
  Yao Qin · Nicholas Carlini · Garrison Cottrell · Ian Goodfellow · Colin Raffel
• 2019 Oral: Imperceptible, Robust, and Targeted Adversarial Examples for Automatic Speech Recognition »
  Yao Qin · Nicholas Carlini · Garrison Cottrell · Ian Goodfellow · Colin Raffel
• 2018 Poster: Interpretability Beyond Feature Attribution: Quantitative Testing with Concept Activation Vectors (TCAV) »
  Been Kim · Martin Wattenberg · Justin Gilmer · Carrie Cai · James Wexler · Fernanda Viégas · Rory sayres
• 2018 Oral: Interpretability Beyond Feature Attribution: Quantitative Testing with Concept Activation Vectors (TCAV) »
  Been Kim · Martin Wattenberg · Justin Gilmer · Carrie Cai · James Wexler · Fernanda Viégas · Rory sayres
• 2017 Poster: Neural Message Passing for Quantum Chemistry »
  Justin Gilmer · Samuel Schoenholz · Patrick F Riley · Oriol Vinyals · George Dahl
• 2017 Talk: Neural Message Passing for Quantum Chemistry »
  Justin Gilmer · Samuel Schoenholz · Patrick F Riley · Oriol Vinyals · George Dahl
• 2017 Poster: Input Switched Affine Networks: An RNN Architecture Designed for Interpretability »
  Jakob Foerster · Justin Gilmer · Jan Chorowski · Jascha Sohl-Dickstein · David Sussillo
• 2017 Talk: Input Switched Affine Networks: An RNN Architecture Designed for Interpretability »
  Jakob Foerster · Justin Gilmer · Jan Chorowski · Jascha Sohl-Dickstein · David Sussillo