Robustness is a fundamental property of machine learning classifiers to achieve safety and reliability. In the fields of adversarial robustness and formal robustness verification of image classification models, robustness is commonly defined as the stability to all input variations within an Lp-norm distance. However, robustness to random corruptions is usually improved and evaluated using variations observed in the real world, while mathematically defined Lp-norm corruptions are rarely considered. This study investigates the use of random Lp-norm corruptions to augment the training and test data of image classifiers. We adapt an approach from the field of adversarial robustness to assess the model robustness to imperceptible random corruptions. We empirically and theoretically investigate whether robustness is transferable across different Lp-norms and derive conclusions on which Lp-norm corruptions a model should be trained and evaluated on. We find that training data augmentation with L0-norm corruptions improves corruption robustness while maintaining accuracy compared to standard training and when applied on top of selected state-of-the-art data augmentation techniques.