Beyond Uniform Sampling: Synergistic Active Learning and Input Denoising for Robust Neural Operators
arXiv:2604.13316v1
Abstract
Neural operators have emerged as fast surrogate models for physics simulations, yet they remain acutely vulnerable to adversarial perturbations, a critical liability for safety-critical digital twin deployments. We present a synergistic defense that combines active learning-based data generation with an input denoising architecture. The active learning component adaptively probes model weaknesses using differential evolution attacks, then generates targeted training data at discovered vulnerability locations while an adaptive smooth-ratio safeguard preserves baseline accuracy. The input denoising component augments the operator architecture with a learnable bottleneck that filters adversarial noise while retaining physics-relevant features.
Key Findings
On the viscous Burgers’ equation benchmark, the combined approach achieves a 2.04% combined error (1.21% baseline + 0.83% robustness), representing an 87% reduction relative to standard training (15.42% combined) and outperforming both active learning alone (3.42%) and input denoising alone (5.22%). More broadly, our results, combined with cross-architecture vulnerability analysis from prior work, suggest that optimal training data for neural operators is architecture-dependent:
- Different architectures concentrate sensitivity in distinct input subspaces.
- Uniform sampling cannot adequately cover the vulnerability landscape of all models.
Implications for Safety-Critical Systems
These findings have potential implications for the deployment of neural operators in safety-critical energy systems, including nuclear reactor monitoring. The ability to effectively filter adversarial noise while simultaneously enhancing model accuracy can significantly reduce the risks associated with deploying neural operators in such sensitive applications.
Conclusion
The integration of active learning and input denoising represents a promising advancement in the robustness of neural operators. By addressing their susceptibility to adversarial perturbations, this synergistic approach not only enhances performance but also improves the reliability of models used for critical applications. Future research could further explore the architecture-dependent nature of optimal training data and develop more sophisticated methods for ensuring the safety and effectiveness of neural operators in real-world scenarios.
