Do Counterfactual Examples Complicate Adversarial Training?

arXiv:2404.10588v1 Announce Type: new
Abstract: We leverage diffusion models to study the robustness-performance tradeoff of robust classifiers. Our approach introduces a simple, pretrained diffusion method to generate low-norm counterfactual examples (CEs): semantically altered data which results in different true class membership. We report that the confidence and accuracy of robust models on their clean training data are associated with the proximity of the data to their CEs. Moreover, robust models perform very poorly when evaluated on the CEs directly, as …

abstract accuracy adversarial adversarial training arxiv ces class classifiers confidence counterfactual cs.cv cs.lg data diffusion diffusion models examples generate low norm performance report results robust robust models robustness simple study training true type