Robust Experts: the Effect of Adversarial Training on CNNs with Sparse Mixture-of-Experts Layers
Abstract:
Robustifying convolutional neural networks (CNNs) against adversarial attacks remains challenging and often requires resource-intensive countermeasures. We explore the use of sparse mixture-of-experts (MoE) layers to improve robustness by replacing selected residual blocks or convolutional layers, thereby increasing model capacity without additional inference cost. On ResNet architectures trained on CIFAR-100, we find that inserting a single MoE layer in the deeper stages leads to consistent improvements in robustness under PGD and AutoPGD attacks when combined with adversarial training. Furthermore, we discover that when switch loss is used for balancing, it causes routing to collapse onto a small set of overused experts, thereby concentrating adversarial training on these paths and inadvertently making them more robust. As a result, some individual experts outperform the gated MoE model in robustness, suggesting that robust subpaths emerge through specialization. Our code is available at https://github.com/KASTEL-MobilityLab/robust-sparse-moes.
| Zugehörige Institution(en) am KIT | Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsdatum | 19.10.2025 |
| Sprache | Englisch |
| Identifikator | ISBN: 979-8-3315-8988-2 KITopen-ID: 1000192097 |
| HGF-Programm | 46.23.03 (POF IV, LK 01) Engineering Security for Mobility Systems |
| Erschienen in | 2025 IEEE/CVF International Conference on Computer Vision Workshops (ICCVW) |
| Veranstaltung | IEEE/CVF International Conference on Computer Vision Workshops (ICCVW 2025), Honolulu, HI, USA, 19.10.2025 – 20.10.2025 |
| Verlag | Institute of Electrical and Electronics Engineers (IEEE) |
| Seiten | 251–260 |
| Schlagwörter | adversarial attacks, mixture of experts |
| Nachgewiesen in | OpenAlex |