Adversarial Robustness Limits via Scaling-Law and Human-Alignment Studies

arXiv:2404.09349v1 Announce Type: cross
Abstract: This paper revisits the simple, long-studied, yet still unsolved problem of making image classifiers robust to imperceptible perturbations. Taking CIFAR10 as an example, SOTA clean accuracy is about $100$%, but SOTA robustness to $\ell_{\infty}$-norm bounded perturbations barely exceeds $70$%. To understand this gap, we analyze how model size, dataset size, and synthetic data quality affect robustness by developing the first scaling laws for adversarial training. Our scaling laws reveal inefficiencies in prior art and provide …

accuracy adversarial alignment arxiv cs.cr cs.cv cs.lg gap human image law making problem robustness scaling simple sota studies understand unsolved