While deep neural networks (DNNs) have revolutionized many fields, their fragility to carefully designed adversarial attacks impedes the usage of DNNs in safety-critical applications. In this paper, we strive to explore the robust features which are not affected by the adversarial perturbations, i.e., invariant to the clean image and its adversarial examples, to improve the model's adversarial robustness. Specifically, we propose a feature disentanglement model to segregate the robust features from non-robust features and domain specific features. The extensive experiments on four widely used datasets with different attacks demonstrate that robust features obtained from our model improve the model's adversarial robustness compared to the state-of-the-art approaches. Moreover, the trained domain discriminator is able to identify the domain specific features from the clean images and adversarial examples almost perfectly. This enables adversarial example detection without incurring additional computational costs. With that, we can also specify different classifiers for clean images and adversarial examples, thereby avoiding any drop in clean image accuracy.

通过分离鲁棒特征和领域特定特征，我们提出了一个鲁棒特征分离模型，以增强模型的对抗性鲁棒性。同时，训练出的领域鉴别器几乎完美地能够识别出干净图像和对抗性样本中的领域特定特征，从而无需额外的计算成本实现对抗性样本的检测。这样一来，我们可以为干净图像和对抗性样本指定不同的分类器，避免了干净图像准确率的降低。

探索稳健特征以提升对抗性鲁棒性