What problem does this paper attempt to address?

This paper attempts to explore and question whether the "robustness" of deep neural networks conforms to the traditional definition of robustness. Specifically, the author Peter Meer believes that although in the field of computer vision, many studies use "robustness" to describe the performance of deep neural networks, in fact, the robustness of these networks is limited and does not fully conform to the definition in traditional robust estimation. ### Core issues of the paper 1. **Definition of robustness**: - The goal of traditional robust estimation is to eliminate outliers from the data and find inliers. This process is usually achieved through pre - defined algorithms, does not require training, and modifications to the input data will not affect the main program. - The robustness of deep neural networks depends more on a large amount of training data and complex model structures, and its ability to handle outliers is limited. 2. **Robustness problems of deep neural networks**: - Deep neural networks may produce incorrect outputs when facing unseen inputs or slight adversarial perturbations. This vulnerability makes them not truly robust in some application scenarios. - For example, a small adversarial perturbation (which may be undetectable by humans) can cause a deep neural network to produce incorrect classification results. 3. **Comparison with traditional robust estimation methods**: - Traditional robust estimation methods (such as RANSAC) model the normal value structure through mathematical functions and can effectively handle outliers. These methods do not rely on a large amount of training data, and the parameter settings are relatively simple. - In contrast, although deep neural networks perform excellently in some tasks, their robustness depends on specific training data sets, and their performance will decline significantly when encountering new classes or unseen data. ### Conclusion By comparing historical reviews and modern research, the author concludes that the robustness of deep neural networks does not conform to the traditional definition of robustness. Therefore, the answer to the title of the paper "Are deep neural networks 'robust'?" is negative. ### Formula examples - **Huber loss function**: \[ L_\delta(a)=\begin{cases} \frac{1}{2}a^{2}&\text{if }|a|\leq\delta\\ \delta(|a| - \frac{1}{2}\delta)&\text{otherwise} \end{cases} \] where \(a\) is the residual and \(\delta\) is a threshold parameter used to balance the squared loss and the absolute loss. - **RANSAC algorithm**: - Select an elemental subset for random sampling. - Define a linear model candidate. - Assume that the candidate model is valid for all data points and calculate the distance from each data point to the model. - Data points with a distance less than \(\sigma\) are considered inliers. - Repeat the above steps \(M\) times and select the model with the largest consensus set as the final estimate. Through these analyses, the paper emphasizes the limitations of deep neural networks in terms of robustness and proposes directions for further research.