Deep neural networks have been shown to perform poorly on adversarial examples. To address this, several techniques have been proposed to increase robustness of a model for image classification tasks. However, in video understanding tasks, developing adversarially robust models is still unexplored. In this paper, we aim to bridge this gap. We first show that simple extensions of image based adversarially robust models slightly improve the worst-case performance. Further, we propose a temporal attention regularization scheme in Transformer to improve the robustness of attention modules to adversarial examples. We illustrate using a large-scale video data set YouTube-8M that the final model (A-ART) achieves close to non-adversarial performance on its adversarial example set. We achieve 91% GAP on adversarial examples, whereas baseline Transformer and simple adversarial extensions achieve 72.9% and 82% respectively, showing significant improvement in robustness over the state-of-the-art.

翻译：深神经网络在对抗性实例中表现不佳。 为了解决这个问题,已经提出几种技术来提高图像分类任务模型的稳健性。 但是,在视频理解任务中,开发对抗性强模型仍未被探索。 在本文中,我们的目标是弥合这一差距。 我们首先显示,基于对抗性强图像模型的简单扩展略微改善了最坏情况的性能。 此外,我们提议在变换器中建立一个时间关注监管机制,以提高对对抗性实例的关注模块的稳健性。 我们用一个大型视频数据集YouTube-8M来说明,最终模型(A-ART)在其对抗性范例集上接近非对抗性业绩。我们实现了91%的对抗性实例GAP,而基线变换换器和简单的对抗性扩展分别达到72.9%和82%,表明对最新技术的稳健度有了显著改善。