Adversarial robustness against multiple l_p-threat models at the price of one and how to quickly fine-tune robust models to another threat model

05/26/2021
by Francesco Croce, et al.

Adversarial training (AT) to achieve adversarial robustness with respect to single l_p-threat models has been discussed extensively. However, for safety-critical systems, adversarial robustness should be achieved with respect to all l_p-threat models simultaneously. In this paper we develop a simple and efficient training scheme to achieve adversarial robustness against the union of l_p-threat models. Our novel l_1+l_∞-AT scheme is based on geometric considerations of the different l_p-balls and costs as much as normal adversarial training against a single l_p-threat model. Moreover, we show that using our l_1+l_∞-AT scheme one can fine-tune any l_p-robust model (for p ∈ {1,2,∞}) with just 3 epochs and achieve multiple-norm adversarial robustness. In this way we boost the previous state-of-the-art reported for multiple-norm robustness by more than 6% on CIFAR-10 and report, to our knowledge, the first ImageNet models with multiple-norm robustness. Moreover, we study the general transfer of adversarial robustness between different threat models and in this way boost the previous SOTA l_1-robustness on CIFAR-10 by almost 10%.


09/09/2019

Adversarial Robustness Against the Union of Multiple Perturbation Models

Owing to the susceptibility of deep learning systems to adversarial atta...
12/12/2021

Interpolated Joint Space Adversarial Training for Robust and Generalizable Defenses

Adversarial training (AT) is considered to be one of the most reliable d...
11/09/2021

Data Augmentation Can Improve Robustness

Adversarial training suffers from robust overfitting, a phenomenon where...
02/22/2022

On the Effectiveness of Adversarial Training against Backdoor Attacks

DNNs' demand for massive data forces practitioners to collect data from ...
03/02/2021

Fixing Data Augmentation to Improve Adversarial Robustness

Adversarial training suffers from robust overfitting, a phenomenon where...
08/30/2021

Sample Efficient Detection and Classification of Adversarial Attacks via Self-Supervised Embeddings

Adversarial robustness of deep models is pivotal in ensuring safe deploy...
05/31/2021

Robustifying ℓ_∞ Adversarial Training to the Union of Perturbation Models

Classical adversarial training (AT) frameworks are designed to achieve h...

Code Repositories

robust-finetuning

Code relative to "Adversarial robustness against multiple $l_p$-threat models at the price of one and how to quickly fine-tune robust models to another threat model"

