Adversarial robustness against multiple l_p-threat models at the price of one and how to quickly fine-tune robust models to another threat model

05/26/2021
by Francesco Croce, et al.

Adversarial training (AT) to achieve adversarial robustness with respect to single l_p-threat models has been discussed extensively. However, for safety-critical systems, adversarial robustness should be achieved with respect to all l_p-threat models simultaneously. In this paper we develop a simple and efficient training scheme to achieve adversarial robustness against the union of l_p-threat models. Our novel l_1+l_∞-AT scheme is based on geometric considerations of the different l_p-balls and costs as much as normal adversarial training against a single l_p-threat model. Moreover, we show that using our l_1+l_∞-AT scheme one can fine-tune any l_p-robust model (for p ∈ {1, 2, ∞}) with just 3 epochs and achieve multiple-norm adversarial robustness. In this way we boost the previous state-of-the-art reported for multiple-norm robustness by more than 6% on CIFAR-10 and report, to our knowledge, the first ImageNet models with multiple-norm robustness. Moreover, we study the general transfer of adversarial robustness between different threat models and in this way boost the previous SOTA l_1-robustness on CIFAR-10 by almost 10%.
