A combination of noise and bilateral filters achieve supralinear and scalable adversarial robustness in CNNs
Title: Achieving Scalable, Supralinear Adversarial Robustness in CNNs via Noise and Bilateral Filtering
Abstract
The susceptibility of deep neural networks to adversarial examples remains a major obstacle to their practical implementation. While adversarial training is a potent method for strengthening network resilience, it demands substantial computational resources and is often optimized for particular attack vectors. Previous efforts have attempted to mitigate these issues by employing strategies like Gaussian noise injection or image filtering. Although these methods can modestly improve robustness against diverse attacks, they are not standalone solutions. In this study, we provide a theoretical proof that Gaussian noise and filtering operate via complementary mechanisms, thereby generating supralinear robustness when integrated. Leveraging this finding, we demonstrate experimentally that a straightforward preprocessor merging Gaussian noise with bilateral filtering delivers significant, supralinear gains in adversarial robustness at a negligible computational expense.
To evaluate the effectiveness of this approach, we integrated our preprocessor with adversarial training and benchmarked it on RobustBench against leading defenses. The results highlight two key advantages:
- High Efficiency: Our method achieved the second-highest rank on AutoAttack and third overall. Remarkably, this performance was attained using only approximately 35% of the training FLOPs required by state-of-the-art defenses. Furthermore, the model employed roughly 50% fewer parameters, was trained in about 33% of the epochs, and utilized only 15% of the data compared to current top-tier defenses.
- Scalability: The approach scales efficiently, matching the accuracy of competing models while requiring 2 to 8 times less total compute power across three orders of magnitude.
In summary, this work presents a principled, easily integrable framework for bolstering adversarial robustness. It combines a theoretically sound design with minimal computational overhead, offering a simple yet effective solution for enhancing deep learning security.
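The abstract describes the preprocessor only in words. The following added example (not code from the paper or its authors) implements Gaussian noise injection followed by a bilateral filter in dependency-free Python on a small grayscale image. The noise-then-filter order, every parameter value, the function names and the checkerboard test input are assumptions made here.

```python
import math
import random

# Added example. All defaults below are illustrative assumptions, not values from the paper.

def add_gaussian_noise(img, sigma, rng):
    """Add i.i.d. Gaussian noise to each pixel and clip to [0, 1]."""
    return [[min(1.0, max(0.0, p + rng.gauss(0.0, sigma))) for p in row] for row in img]

def bilateral_filter(img, radius=1, sigma_s=1.5, sigma_r=0.1):
    """Edge-preserving smoothing: each neighbour is weighted by spatial distance
    (sigma_s) and by intensity difference from the centre pixel (sigma_r)."""
    h, w = len(img), len(img[0])
    out = [[0.0] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            acc = norm = 0.0
            for dy in range(-radius, radius + 1):
                for dx in range(-radius, radius + 1):
                    yy, xx = y + dy, x + dx
                    if 0 <= yy < h and 0 <= xx < w:
                        d = img[yy][xx] - img[y][x]
                        wgt = math.exp(-(dx * dx + dy * dy) / (2 * sigma_s ** 2)
                                       - d * d / (2 * sigma_r ** 2))
                        acc += wgt * img[yy][xx]
                        norm += wgt
            out[y][x] = acc / norm
    return out

def preprocess(img, noise_sigma=0.05, seed=0):
    """Assumed order: inject noise first, then bilateral-filter the noisy image."""
    return bilateral_filter(add_gaussian_noise(img, noise_sigma, random.Random(seed)))

def mean_abs_err(a, b):
    """Mean absolute per-pixel difference between two equally sized images."""
    return sum(abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb)) / (len(a) * len(a[0]))

# Constructed input: 16x16 step edge plus a +/-EPS checkerboard standing in
# for a bounded high-frequency perturbation (not a real attack).
EPS = 8 / 255
CLEAN = [[0.2 if x < 8 else 0.8 for x in range(16)] for _ in range(16)]
PERTURBED = [[CLEAN[y][x] + (EPS if (x + y) % 2 == 0 else -EPS) for x in range(16)] for y in range(16)]

if __name__ == "__main__":
    print("perturbation in  :", mean_abs_err(PERTURBED, CLEAN))
    print("after filter only:", mean_abs_err(bilateral_filter(PERTURBED), CLEAN))
    print("after noise+filt :", mean_abs_err(preprocess(PERTURBED), CLEAN))
```

The filter suppresses the small-amplitude pattern inside each flat region while the range term keeps pixels across the 0.2/0.8 step from mixing, so the edge survives.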
Source: arXiv
Generated at: 2026-06-02 00:00:00 UTC





