REST: Performance Improvement of a Black Box Model via RL-based Spatial Transformation

by Jae Myung Kim, et al.

In recent years, deep neural networks (DNNs) have become a highly active area of research and have shown remarkable achievements on a variety of computer vision tasks. DNNs, however, are known to often make overconfident yet incorrect predictions on out-of-distribution samples, which can be a major obstacle to real-world deployment because the training dataset is always limited compared to the diversity of real-world samples. Thus, it is fundamental to provide guarantees of robustness to the distribution shift between training and test time when we construct DNN models in practice. Moreover, in many cases deep learning models are deployed as black boxes whose performance has already been optimized for a training dataset, so changing the black box itself can lead to performance degradation. Here we study robustness to geometric transformations in the specific setting where a black-box image classifier is given. We propose an additional learner, the REinforcement Spatial Transform learner (REST), that transforms warped input data into samples that the black-box model regards as in-distribution. Our work aims to improve robustness by adding a REST module in front of any black box and training only the REST module, without retraining the original black-box model in an end-to-end manner; i.e., we try to convert real-world data into the training distribution, for which the black-box model performs best. We use a confidence score obtained from the black-box model to determine whether the transformed input is drawn from the in-distribution. We empirically show that our method has an advantage in generalization to geometric transformations and in sample efficiency.
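The following added example (not the paper's code) shows the signal the abstract describes: a front-end module that only queries a black box for its confidence score and uses it to pick the spatial transform that makes the input look in-distribution. The 4x4 templates, the distance-based `black_box`, the name `rest_front_end`, and the exhaustive search over four rotations (standing in for the learned RL policy) are all assumptions made for illustration.

```python
import math

# Constructed 4x4 binary images: one in-distribution template per class (assumption).
TEMPLATES = {
    "L": ("1000", "1000", "1000", "1110"),
    "T": ("1111", "0100", "0100", "0100"),
}

def rot90(img, k=1):
    """Rotate a tuple-of-strings image clockwise by k quarter turns."""
    for _ in range(k % 4):
        img = tuple("".join(col) for col in zip(*img[::-1]))
    return img

def black_box(img):
    """Stand-in black box: exposes only (label, max-softmax confidence)."""
    dist = {c: sum(a != b for r, t in zip(img, tpl) for a, b in zip(r, t))
            for c, tpl in TEMPLATES.items()}
    z = sum(math.exp(-d) for d in dist.values())
    label = min(dist, key=dist.get)
    return label, math.exp(-dist[label]) / z

def rest_front_end(img):
    """Hypothetical front end: keep the rotation the black box is most confident on.
    Exhaustive search replaces the RL policy; the black box is never retrained."""
    candidates = [rot90(img, k) for k in range(4)]
    return max(candidates, key=lambda c: black_box(c)[1])

def accuracy(correct_first):
    """Accuracy over every class template under all four rotations."""
    hits = total = 0
    for label, tpl in TEMPLATES.items():
        for k in range(4):
            x = rot90(tpl, k)
            if correct_first:
                x = rest_front_end(x)
            hits += black_box(x)[0] == label
            total += 1
    return hits / total

if __name__ == "__main__":
    print("black box alone:        ", accuracy(False))
    print("with confidence front:  ", accuracy(True))
    # A rotated "T" is labelled "L" with high confidence: the overconfident
    # out-of-distribution error the abstract warns about.
    print("overconfident miss:     ", black_box(rot90(TEMPLATES["T"], 3)))
```

The last line matters for anyone relying on confidence as an in-distribution test: the score separates the upright input from its rotations here only because the upright confidence is higher still, not because wrong predictions score low.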




