Robustness is a fundamental pillar of Machine Learning (ML) classifiers, substantially determining their reliability. Methods for assessing classifier robustness are therefore essential. In this work, we address the challenge of evaluating corruption robustness in a way that allows comparability and interpretability on a given dataset. We propose a test data augmentation method that uses a robustness distance $\epsilon$ derived from the dataset's minimal class separation distance. The resulting MSCR (minimal separation corruption robustness) metric allows a dataset-specific comparison of different classifiers with respect to their corruption robustness. The MSCR value is interpretable, as it represents the classifier's avoidable loss of accuracy due to statistical corruptions. On 2D and image data, we show that the metric reflects different levels of classifier robustness. Furthermore, by training and testing classifiers with different levels of noise, we observe unexpected optima in the classifiers' robust accuracy. While researchers have frequently reported a significant tradeoff in accuracy when training robust models, we strengthen the view that a tradeoff between accuracy and corruption robustness is not inherent. Our results indicate that robustness training through simple data augmentation can already slightly improve accuracy.
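The evaluation idea described in the abstract, sketched as an added example (not the authors' code). The abstract does not give the exact formulas, so the following are assumptions: distances use the L-infinity norm, $\epsilon$ is half the minimal class separation distance, noise is uniform in the $\epsilon$-ball, and the reported value is the relative accuracy loss. The 2D test set and both classifiers are constructed for illustration.

```python
import random

def linf(a, b):
    """L-infinity distance between two points."""
    return max(abs(p - q) for p, q in zip(a, b))

def min_class_separation(X, y):
    """Smallest distance between any two points carrying different labels."""
    return min(linf(a, b) for a, la in zip(X, y) for b, lb in zip(X, y) if la != lb)

def accuracy(predict, X, y):
    return sum(predict(x) == t for x, t in zip(X, y)) / len(y)

def augment(X, y, eps, rng, draws):
    """Test data augmentation: `draws` uniform samples from the eps-ball of each point."""
    Xa = [tuple(v + rng.uniform(-eps, eps) for v in x) for x in X for _ in range(draws)]
    ya = [t for t in y for _ in range(draws)]
    return Xa, ya

def relative_accuracy_loss(predict, X, y, seed=0, draws=200):
    # Assumption: eps = r_min / 2, so eps-balls of different classes do not
    # overlap and every corrupted point still has an unambiguous label.
    eps = min_class_separation(X, y) / 2
    Xa, ya = augment(X, y, eps, random.Random(seed), draws)
    clean, noisy = accuracy(predict, X, y), accuracy(predict, Xa, ya)
    # Assumed metric: accuracy lost under eps-noise, relative to clean accuracy.
    return eps, clean, noisy, (clean - noisy) / clean

# Constructed 2D test set: class 0 at x0 <= -1, class 1 at x0 >= 1 (r_min = 2).
X = [(s * x0, x1) for s in (-1, 1) for x0 in (1.0, 1.5, 2.0) for x1 in (0.0, 1.0, 2.0)]
y = [int(x[0] > 0) for x in X]

def centred(x):
    """Hypothetical classifier with its boundary midway between the classes."""
    return int(x[0] > 0.0)

def tight(x):
    """Hypothetical classifier with its boundary hugging class 1."""
    return int(x[0] > 0.9)

if __name__ == "__main__":
    for name, clf in (("centred", centred), ("tight", tight)):
        eps, clean, noisy, loss = relative_accuracy_loss(clf, X, y)
        print(f"{name}: eps={eps} clean={clean:.3f} noisy={noisy:.3f} loss={loss:.3f}")
```

Both classifiers are perfect on clean data, but only the one whose boundary sits close to the test points loses accuracy under $\epsilon$-noise; because the noise never crosses into the other class's region, that loss is one a better-placed boundary avoids.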