Adversarial Training is the most effective approach for improving the robustness of Deep Neural Networks (DNNs). However, compared to the large body of research in optimizing the adversarial training process, there are few investigations into how architecture components affect robustness, and they rarely constrain model capacity. Thus, it is unclear where robustness precisely comes from. In this work, we present the first large-scale systematic study on the robustness of DNN architecture components under fixed parameter budgets. Through our investigation, we distill 18 actionable robust network design guidelines that empower model developers to gain deep insights. We demonstrate these guidelines' effectiveness by introducing the novel Robust Architecture (RobArch) model that instantiates the guidelines to build a family of top-performing models across parameter capacities against strong adversarial attacks. RobArch achieves the new state-of-the-art AutoAttack accuracy on the RobustBench ImageNet leaderboard. The code is available at $\href{https://github.com/ShengYun-Peng/RobArch}{\text{this url}}$.

本研究通过对DNN体系结构组件进行大规模系统研究，提炼出18个可操作的鲁棒网络设计准则，构建了一系列在参数容量上对抗攻击稳健的模型家族，并介绍了新型Robust Architecture (RobArch)模型的应用。通过我们的实验，RobArch在RobustBench ImageNet排行榜上的AutoAttack准确性达到了新的state-of-the-art。

RobArch：设计抗击恶意攻击的稳健架构