Beyond Dropout: Robust Convolutional Neural Networks Based on Local Feature Masking
Yunpeng Gong, Chuangliang Zhang, Yongjie Hou, Lifei Chen, Min Jiang
TL;DR
This work tackles the trade-off between generalization and adversarial robustness in CNNs by introducing Local Feature Masking (LFM), a lightweight regularization that randomly masks local regions in shallow feature maps during training. Implemented in backbones such as ResNet-50, LFM adds three sources of randomness—sample, channel, and spatial mask placement—applied to conv1 outputs to encourage robust representations without sacrificing accuracy. Through extensive experiments on person re-identification benchmarks (Market-1501 and DukeMTMC-reID) and adversarial attack simulations, LFM improves both generalization (higher Rank-1 and mAP) and robustness, outperforming vanilla Dropout and complementing other defenses like Cutout and re-ranking. The results suggest LFM is a practical, easily integrable regularization that enhances CNN resilience and generalization, with potential applicability across architectures and vision tasks.
Abstract
In the contemporary of deep learning, where models often grapple with the challenge of simultaneously achieving robustness against adversarial attacks and strong generalization capabilities, this study introduces an innovative Local Feature Masking (LFM) strategy aimed at fortifying the performance of Convolutional Neural Networks (CNNs) on both fronts. During the training phase, we strategically incorporate random feature masking in the shallow layers of CNNs, effectively alleviating overfitting issues, thereby enhancing the model's generalization ability and bolstering its resilience to adversarial attacks. LFM compels the network to adapt by leveraging remaining features to compensate for the absence of certain semantic features, nurturing a more elastic feature learning mechanism. The efficacy of LFM is substantiated through a series of quantitative and qualitative assessments, collectively showcasing a consistent and significant improvement in CNN's generalization ability and resistance against adversarial attacks--a phenomenon not observed in current and prior methodologies. The seamless integration of LFM into established CNN frameworks underscores its potential to advance both generalization and adversarial robustness within the deep learning paradigm. Through comprehensive experiments, including robust person re-identification baseline generalization experiments and adversarial attack experiments, we demonstrate the substantial enhancements offered by LFM in addressing the aforementioned challenges. This contribution represents a noteworthy stride in advancing robust neural network architectures.