Deep neural networks (DNNs) may suffer from significantly degenerated performance when the training and test data are of different underlying distributions. Despite the importance of model generalization to out-of-distribution (OOD) data, the accuracy of state-of-the-art (SOTA) models on OOD data can plummet. Recent work has demonstrated that regular or off-manifold adversarial examples, as a special case of data augmentation, can be used to improve OOD generalization. Inspired by this, we theoretically prove that on-manifold adversarial examples can better benefit OOD generalization. Nevertheless, it is nontrivial to generate on-manifold adversarial examples because the real manifold is generally complex. To address this issue, we proposed a novel method of Augmenting data with Adversarial examples via a Wavelet module (AdvWavAug), an on-manifold adversarial data augmentation technique that is simple to implement. In particular, we project a benign image into a wavelet domain. With the assistance of the sparsity characteristic of wavelet transformation, we can modify an image on the estimated data manifold. We conduct adversarial augmentation based on AdvProp training framework. Extensive experiments on different models and different datasets, including ImageNet and its distorted versions, demonstrate that our method can improve model generalization, especially on OOD data. By integrating AdvWavAug into the training process, we have achieved SOTA results on some recent transformer-based models.

翻译：深度神经网络（DNN）在训练数据与测试数据具有不同潜在分布时，其性能可能显著退化。尽管模型对分布外（OOD）数据的泛化能力至关重要，但当前最优（SOTA）模型在OOD数据上的准确率可能骤降。近期研究表明，作为数据增强的特例，常规或离流形对抗样本可用于改进OOD泛化能力。受此启发，我们从理论上证明了流形上的对抗样本能更有效地提升OOD泛化性能。然而，由于真实流形通常具有高度复杂性，生成流形上的对抗样本并非易事。为解决该问题，我们提出一种基于小波模块的对抗样本数据增强方法（AdvWavAug），这是一种易于实现的流形上对抗数据增强技术。具体而言，我们将良性图像投影至小波域，借助小波变换的稀疏特性实现对图像在估计数据流形上的修改。基于AdvProp训练框架进行对抗增强，在包括ImageNet及其畸变版本在内的多个模型与数据集上的广泛实验表明，本方法能显著提升模型泛化能力，尤其对OOD数据表现优异。通过将AdvWavAug融入训练过程，我们在部分基于Transformer的最新模型上取得了SOTA结果。