Is it the model or the metric -- On robustness measures of deeplearning models

Zhijin Lyu, Yutong Jin, Sneha Das

TL;DR

This work addresses robustness evaluation of DL models in high-stakes contexts by critiquing the sole reliance on robust accuracy (RA) and proposing robust ratio (RR) as a complementary metric of probability stability. RR is grounded in the MLS^2 framework and quantifies how small input perturbations affect the model's output distribution, not just its final class label, with definitions $\text{RA} = \frac{1}{N} \sum_{i=1}^{N} \mathbb{1}(\hat{y}_i = y_i)$ and $\text{RR} = \frac{1}{N} \sum_{i=1}^{N} \phi^{i}_{rob}(\mathbf{w_i}, \mathbf{x_i})$. The authors evaluate RA and RR on deepfake detection models across image and video datasets under FGSM, PGD, and CW attacks with perturbation bounds $\epsilon$ up to 0.2, revealing that RA alone may obscure model-specific robustness patterns while RR exposes tolerance-dependent differences. The findings highlight RR's potential to guide model selection and guardrail design for application-specific robustness in automated decision systems.

Abstract

Determining the robustness of deep learning models is an established and ongoing challenge within automated decision-making systems. With the advent and success of techniques that enable advanced deep learning (DL), these models are being used in widespread applications, including high-stakes ones like healthcare, education, and border control. Therefore, it is critical to understand the limitations of these models and predict their regions of failure, in order to create the necessary guardrails for their successful and safe deployment. In this work, we revisit robustness, specifically investigating the sufficiency of robust accuracy (RA), within the context of deepfake detection. We present robust ratio (RR) as a complementary metric that can quantify the changes to the normalized or probability outcomes under input perturbation. We present a comparison of RA and RR and demonstrate that despite similar RA between models, the models show varying RR under different tolerance (perturbation) levels.
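The following sketch is an added example, not code from the paper or its authors. It computes RA and RR for two constructed detectors that share the same RA but differ in RR across tolerance levels. This page does not define $\phi_{rob}$, so the example assumes it is 1 when the largest per-class probability shift between the clean and perturbed output stays within a tolerance; all function names and sample values are hypothetical.

```python
# Added illustration. phi_rob is an ASSUMED tolerance check, not the paper's
# definition. Probabilities are constructed [p_real, p_fake] outputs of a
# binary deepfake detector on clean and adversarially perturbed inputs.

def argmax(p):
    return max(range(len(p)), key=p.__getitem__)

def robust_accuracy(adv_probs, labels):
    """RA: fraction of perturbed inputs whose predicted class equals the label."""
    return sum(argmax(p) == y for p, y in zip(adv_probs, labels)) / len(labels)

def phi_rob(clean_p, adv_p, tol):
    """Assumed robustness indicator: 1 if no class probability moved more than tol."""
    shift = max(abs(a - c) for c, a in zip(clean_p, adv_p))
    return 1 if shift <= tol else 0

def robust_ratio(clean_probs, adv_probs, tol):
    """RR: mean of phi_rob over all samples at a given tolerance."""
    n = len(clean_probs)
    return sum(phi_rob(c, a, tol) for c, a in zip(clean_probs, adv_probs)) / n

def rr_curve(clean_probs, adv_probs, tolerances):
    """RR at each tolerance, i.e. one line of an RR-vs-tolerance plot."""
    return [robust_ratio(clean_probs, adv_probs, t) for t in tolerances]

# Constructed sample data: 1 = fake, 0 = real.
LABELS = [1, 1, 0, 0]
CLEAN = [[0.05, 0.95], [0.10, 0.90], [0.90, 0.10], [0.95, 0.05]]
# Model A: outputs barely move, except one sample that flips outright.
ADV_A = [[0.08, 0.92], [0.12, 0.88], [0.88, 0.12], [0.40, 0.60]]
# Model B: same final labels as A, but every output drifts toward 0.5.
ADV_B = [[0.40, 0.60], [0.45, 0.55], [0.60, 0.40], [0.45, 0.55]]
TOLERANCES = [0.05, 0.2, 0.4, 0.6]

if __name__ == "__main__":
    for name, adv in (("A", ADV_A), ("B", ADV_B)):
        print(name, "RA =", robust_accuracy(adv, LABELS),
              "RR =", rr_curve(CLEAN, adv, TOLERANCES))
```

Both constructed models reach the same RA, yet model B's outputs only count as stable once the tolerance is loosened, which is the kind of difference a label-only metric hides.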

Paper Structure

This paper contains 4 sections, 3 equations, 1 figure.

Figures (1)

  • Figure 1: Comparison of a) Robust ratio vs. Tolerance on left-y-axis, and b) robust accuracy on right-y-axis.