Deep neural networks (DNNs) have been shown to be vulnerable to adversarial attacks -- subtle, perceptually indistinguishable perturbations of inputs that change the response of the model. In the context of vision, we hypothesize that an important contributor to the robustness of human visual perception is constant exposure to low-fidelity visual stimuli in our peripheral vision. To investigate this hypothesis, we develop \RBlur, an image transform that simulates the loss in fidelity of peripheral vision by blurring the image and reducing its color saturation based on the distance from a given fixation point. We show that compared to DNNs trained on the original images, DNNs trained on images transformed by \RBlur are substantially more robust to adversarial attacks, as well as other, non-adversarial, corruptions, achieving up to 25\% higher accuracy on perturbed data.

翻译：深度神经网络（DNN）已被证明易受对抗攻击——即对输入施加微妙且感知上不可区分的扰动，从而改变模型响应。在视觉领域，我们假设人类视觉感知鲁棒性的一个重要贡献因素在于我们周边视觉中持续暴露于低保真度的视觉刺激。为验证这一假设，我们提出了一种名为\RBlur的图像变换方法，该方法通过根据给定注视点的距离对图像进行模糊处理并降低其色彩饱和度，模拟周边视觉的保真度损失。研究表明，与基于原始图像训练的DNN相比，经\RBlur变换图像训练的DNN对对抗攻击及其他非对抗性损坏表现出显著更强的鲁棒性，在扰动数据上的准确率提升高达25%。