尽管对图像分类任务的表现令人印象深刻，但深网络仍然难以概括其数据的许多常见损坏。为解决此漏洞，事先作品主要专注于提高其培训管道的复杂性，以多样性的名义结合多种方法。然而，在这项工作中，我们逐步回来并遵循原则的方法来实现共同腐败的稳健性。我们提出了一个普遍的数据增强方案，包括最大熵图像变换的简单系列。我们展示了Prime优于现有技术的腐败鲁棒性，而其简单和即插即用性质使其能够与其他方法结合以进一步提升其稳健性。此外，我们分析了对综合腐败图像混合策略的重要性，并揭示了在共同腐败背景下产生的鲁棒性准确性权衡的重要性。最后，我们表明我们的方法的计算效率允许它在线和离线数据增强方案轻松使用。

现在是车辆轨迹预测是自动驾驶汽车的基本支柱。行业和研究社区都通过运行公共基准来承认这一柱的需求。而最先进的方法令人印象深刻，即，他们没有越野预测，他们对基准之外的城市的概括是未知的。在这项工作中，我们表明这些方法不会概括为新场景。我们提出了一种新颖的方法，可自动生成逼真的场景，导致最先进的模型越野。我们通过对抗场景生成的镜头来框架问题。我们推广基于原子场景生成功能的简单而有效的生成模型以及物理约束。我们的实验表明，可以在制作预测方法失败的方式中修改来自当前基准的超过60 000 \％$ 60 \％。我们进一步表明（i）生成的场景是现实的，因为它们确实存在于现实世界中，并且（ii）可用于使现有型号强大30-40％。代码可在https://sattack.github.io/处获得。

State-of-the-art classifiers have been shown to be largely vulnerable to adversarial perturbations. One of the most effective strategies to improve robustness is adversarial training. In this paper, we investigate the effect of adversarial training on the geometry of the classification landscape and decision boundaries. We show in particular that adversarial training leads to a significant decrease in the curvature of the loss surface with respect to inputs, leading to a drastically more "linear" behaviour of the network. Using a locally quadratic approximation, we provide theoretical evidence on the existence of a strong relation between large robustness and small curvature. To further show the importance of reduced curvature for improving the robustness, we propose a new regularizer that directly minimizes curvature of the loss surface, and leads to adversarial robustness that is on par with adversarial training. Besides being a more efficient and principled alternative to adversarial training, the proposed regularizer confirms our claims on the importance of exhibiting quasi-linear behavior in the vicinity of data points in order to achieve robustness.

Given a state-of-the-art deep neural network classifier, we show the existence of a universal (image-agnostic) and very small perturbation vector that causes natural images to be misclassified with high probability. We propose a systematic algorithm for computing universal perturbations, and show that state-of-the-art deep neural networks are highly vulnerable to such perturbations, albeit being quasiimperceptible to the human eye. We further empirically analyze these universal perturbations and show, in particular, that they generalize very well across neural networks. The surprising existence of universal perturbations reveals important geometric correlations among the high-dimensional decision boundary of classifiers. It further outlines potential security breaches with the existence of single directions in the input space that adversaries can possibly exploit to break a classifier on most natural images. 1

State-of-the-art deep neural networks have achieved impressive results on many image classification tasks. However, these same architectures have been shown to be unstable to small, well sought, perturbations of the images. Despite the importance of this phenomenon, no effective methods have been proposed to accurately compute the robustness of state-of-the-art deep classifiers to such perturbations on large-scale datasets. In this paper, we fill this gap and propose the DeepFool algorithm to efficiently compute perturbations that fool deep networks, and thus reliably quantify the robustness of these classifiers. Extensive experimental results show that our approach outperforms recent methods in the task of computing adversarial perturbations and making classifiers more robust. 1