DeepAI AI Chat
Log In Sign Up

Label Smoothing and Adversarial Robustness

by   Chaohao Fu, et al.
Shanghai Jiao Tong University

Recent studies indicate that current adversarial attack methods are flawed and easy to fail when encountering some deliberately designed defense. Sometimes even a slight modification in the model details will invalidate the attack. We find that training model with label smoothing can easily achieve striking accuracy under most gradient-based attacks. For instance, the robust accuracy of a WideResNet model trained with label smoothing on CIFAR-10 achieves 75 subtle robustness, we investigate the relationship between label smoothing and adversarial robustness. Through theoretical analysis about the characteristics of the network trained with label smoothing and experiment verification of its performance under various attacks. We demonstrate that the robustness produced by label smoothing is incomplete based on the fact that its defense effect is volatile, and it cannot defend attacks transferred from a naturally trained model. Our study enlightens the research community to rethink how to evaluate the model's robustness appropriately.


page 1

page 2

page 3

page 4


In and Out-of-Domain Text Adversarial Robustness via Label Smoothing

Recently it has been shown that state-of-the-art NLP models are vulnerab...

Imbalanced Gradients: A New Cause of Overestimated Adversarial Robustness

Evaluating the robustness of a defense model is a challenging task in ad...

Adversarial Robustness via Adversarial Label-Smoothing

We study Label-Smoothing as a means for improving adversarial robustness...

Guided Diffusion Model for Adversarial Purification from Random Noise

In this paper, we propose a novel guided diffusion purification approach...

Improving the Accuracy-Robustness Trade-off of Classifiers via Adaptive Smoothing

While it is shown in the literature that simultaneously accurate and rob...

Adversarially Trained Model Compression: When Robustness Meets Efficiency

The robustness of deep models to adversarial attacks has gained signific...

Distinguishing Non-natural from Natural Adversarial Samples for More Robust Pre-trained Language Model

Recently, the problem of robustness of pre-trained language models (PrLM...