Adversarial Examples Improve Image Recognition

CVPR 2020  ·  Cihang Xie, Mingxing Tan, Boqing Gong, Jiang Wang, Alan Yuille, Quoc V. Le ·

Adversarial examples are commonly viewed as a threat to ConvNets. Here we present an opposite perspective: adversarial examples can be used to improve image recognition models if harnessed in the right manner. We propose AdvProp, an enhanced adversarial training scheme which treats adversarial examples as additional examples, to prevent overfitting. Key to our method is the usage of a separate auxiliary batch norm for adversarial examples, as they have different underlying distributions to normal examples. We show that AdvProp improves a wide range of models on various image recognition tasks and performs better when the models are bigger. For instance, by applying AdvProp to the latest EfficientNet-B7 [28] on ImageNet, we achieve significant improvements on ImageNet (+0.7%), ImageNet-C (+6.5%), ImageNet-A (+7.0%), Stylized-ImageNet (+4.8%). With an enhanced EfficientNet-B8, our method achieves the state-of-the-art 85.5% ImageNet top-1 accuracy without extra data. This result even surpasses the best model in [20] which is trained with 3.5B Instagram images (~3000X more than ImageNet) and ~9.4X more parameters. Models are available at https://github.com/tensorflow/tpu/tree/master/models/official/efficientnet.

PDF Abstract CVPR 2020 PDF CVPR 2020 Abstract
Task Dataset Model Metric Name Metric Value Global Rank Result Benchmark
Image Classification ImageNet AdvProp (EfficientNet-B7) Top 1 Accuracy 85.2% # 239
Compare
Number of params 66M # 777
Compare
Image Classification ImageNet AdvProp (EfficientNet-B8) Top 1 Accuracy 85.5% # 212
Compare
Number of params 88M # 832
Compare
Domain Generalization VizWiz-Classification EfficientNet-B8 (advprop+autoaug) Accuracy - All Images 50.5 # 4
Compare
Accuracy - Corrupted Images 45.8 # 4
Compare
Accuracy - Clean Images 53.2 # 4
Compare
Domain Generalization VizWiz-Classification EfficientNet-B0 (advprop+autoaug) Accuracy - All Images 40.5 # 34
Compare
Accuracy - Corrupted Images 34.2 # 34
Compare
Accuracy - Clean Images 44.9 # 34
Compare
Domain Generalization VizWiz-Classification EfficientNet-B1 (advprop+autoaug) Accuracy - All Images 42.4 # 23
Compare
Accuracy - Corrupted Images 36.2 # 21
Compare
Accuracy - Clean Images 46.7 # 23
Compare
Domain Generalization VizWiz-Classification EfficientNet-B2 (advprop+autoaug) Accuracy - All Images 44.3 # 18
Compare
Accuracy - Corrupted Images 38.2 # 17
Compare
Accuracy - Clean Images 48 # 18
Compare
Domain Generalization VizWiz-Classification EfficientNet-B3 (advprop+autoaug) Accuracy - All Images 45.5 # 15
Compare
Accuracy - Corrupted Images 39.8 # 11
Compare
Accuracy - Clean Images 49.5 # 14
Compare
Domain Generalization VizWiz-Classification EfficientNet-B4 (advprop+autoaug) Accuracy - All Images 48.1 # 10
Compare
Accuracy - Corrupted Images 42.5 # 9
Compare
Accuracy - Clean Images 51.4 # 8
Compare
Domain Generalization VizWiz-Classification EfficientNet-B5 (advprop+autoaug) Accuracy - All Images 49.1 # 7
Compare
Accuracy - Corrupted Images 44 # 7
Compare
Accuracy - Clean Images 51.7 # 7
Compare
Domain Generalization VizWiz-Classification EfficientNet-B6 (advprop+autoaug) Accuracy - All Images 49.6 # 6
Compare
Accuracy - Corrupted Images 44.7 # 6
Compare
Accuracy - Clean Images 53.2 # 4
Compare
Domain Generalization VizWiz-Classification EfficientNet-B7 (advprop+autoaug) Accuracy - All Images 49.7 # 5
Compare
Accuracy - Corrupted Images 45 # 5
Compare
Accuracy - Clean Images 52 # 6
Compare

Methods
Add Remove

Contact us on: hello@paperswithcode.com . Papers With Code is a free resource with all data licensed under CC-BY-SA.
Terms Data policy Cookies policy