Improving Adversarial Robustness Through Progressive Hardening

03/18/2020
by   Chawin Sitawarin, et al.
1

Adversarial training (AT) has become a popular choice for training robust networks. However, by virtue of its formulation, AT tends to sacrifice clean accuracy heavily in favor of robustness. Furthermore, AT with a large perturbation budget can cause models to get stuck at poor local minima and behave like a constant function, always predicting the same class. To address the above concerns we propose Adversarial Training with Early Stopping (ATES). The design of ATES is guided by principles from curriculum learning that emphasizes on starting "easy" and gradually ramping up on the "difficulty" of training. We do so by early stopping the adversarial example generation step in AT, progressively increasing difficulty of the samples the network trains on. This stabilizes network training even for large perturbation budgets and allows the network to operate at a better clean accuracy versus robustness trade-off curve compared to AT. Functionally, this leads to a significant improvement in both clean accuracy and robustness for ATES models.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
02/17/2020

CAT: Customized Adversarial Training for Improved Robustness

Adversarial training has become one of the most effective methods for im...
research
03/20/2020

Adversarial Robustness on In- and Out-Distribution Improves Explainability

Neural networks have led to major improvements in image classification b...
research
08/26/2022

Lower Difficulty and Better Robustness: A Bregman Divergence Perspective for Adversarial Training

In this paper, we investigate on improving the adversarial robustness ob...
research
11/25/2022

Boundary Adversarial Examples Against Adversarial Overfitting

Standard adversarial training approaches suffer from robust overfitting ...
research
10/04/2022

Strength-Adaptive Adversarial Training

Adversarial training (AT) is proved to reliably improve network's robust...
research
04/10/2020

Blind Adversarial Training: Balance Accuracy and Robustness

Adversarial training (AT) aims to improve the robustness of deep learnin...
research
05/22/2022

AutoJoin: Efficient Adversarial Training for Robust Maneuvering via Denoising Autoencoder and Joint Learning

As a result of increasingly adopted machine learning algorithms and ubiq...

Please sign up or login with your details

Forgot password? Click here to reset