A Study of Techniques for Robustness to Out-of-Distribution Examples

Abstract

Deep neural networks have achieved remarkable success and human-level performance in many tasks and yet, behave unpredictably when input examples are not guaranteed to be similar to the train distribution. In this thesis, we address the limitations of deep neural networks under distributional shifts, focusing on adversarial examples, covariate shifts, and out-of-distribution (OOD) samples. Ideally, we expect a robust neural network to withstand adversarial perturbations, adapt to covariate shifts, and gracefully refuse to operate on OOD examples. Recognising robustness as a critical challenge for safe and trustworthy deployment, we develop and evaluate train-time and post-training methods --- and their combination --- to address the aforementioned aspects of robustness.

First, we introduce a novel post-training OOD detection technique based on Gram matrices of intermediate representations. Notably, this method achieves state-of-the-art performance on several benchmarks without requiring prior knowledge of OOD examples. Our method can also be combined with Outlier-Exposure (OE) to achieve improved robustness, especially on challenging near-distribution outliers. However, since OE relies upon extra data, we explore generative models for improved robustness as described below.

Next, we introduce DiffAug, a diffusion-based augmentation method for enhancing robustness against covariate shifts, adversarial perturbations, and OOD inputs. Using DiffAug, we also improve classifier-guided diffusion by achieving improved perceptual alignment of gradients. We thus introduce a computationally efficient technique for training with improved robustness that does not require any additional data, and effectively complements existing augmentation approaches.

Moving beyond image classification, we also explore robustness in time-series forecasting --- a domain inherently affected by non-stationary distribution shifts. Building on the DeepTime framework, we propose a theoretically motivated regularization term that improves forecast accuracy under challenging conditions, such as missing data, reduced training set sizes, or higher test-time frequencies.

In summary, we present train-time and post-training techniques to enhance model robustness. Beyond their application to improve model robustness, we believe that the research findings offer new insights about the internal workings of a neural-network opening up several interesting future research directions.