Revisiting Adversarial Training for ImageNet: Architectures, Training and Generalization across Threat Models. (arXiv:2303.01870v1 [cs.CV])

While adversarial training has been extensively studied for ResNet
architectures and low resolution datasets like CIFAR, much less is known for
ImageNet. Given the recent debate about whether transformers are more robust
than convnets, we revisit adversarial training on ImageNet comparing ViTs and
ConvNeXts. Extensive experiments show that minor changes in architecture, most
notably replacing PatchStem with ConvStem, and training scheme have a
significant impact on the achieved robustness. These changes not only increase
robustness in the seen $\ell_\infty$-threat model, …

adversarial architecture datasets impact low resolution threat threat models training transformers