Neural Architecture Search (NAS) has become increasingly popular in recent years. However, NAS-generated models tend to be more vulnerable to various malicious attacks. Many robust NAS methods leverage adversarial training to enhance the robustness of NAS-generated models, but they neglect the natural accuracy of those models. In our paper, we propose a novel NAS method, Robust Neural Architecture Search (RNAS). By designing a regularization term to balance accuracy and robustness, RNAS generates architectures with both high accuracy and good robustness. To reduce search cost, we further propose to use noise examples instead of adversarial examples as input when searching architectures. Extensive experiments show that RNAS achieves state-of-the-art (SOTA) performance on both image classification and adversarial attacks, which illustrates that the proposed RNAS achieves a good tradeoff between robustness and accuracy.