Lagrangian Objective Function Leads to Improved Unforeseen Attack Generalization in Adversarial Training

03/29/2021
by Mohammad Azizmalayeri, et al.

Recent improvements in deep learning models and their practical applications have raised concerns about the robustness of these models against adversarial examples. Adversarial training (AT) has been shown to be effective at producing models that are robust against the attack used during training. However, it usually fails against other attacks, i.e., the model overfits to the training attack scheme. In this paper, we propose a simple modification to AT that mitigates this issue. More specifically, we minimize the perturbation ℓ_p norm while maximizing the classification loss, in the Lagrangian form. We argue that crafting adversarial examples based on this scheme results in enhanced attack generalization in the learned model. We compare the robust accuracy of our final model against attacks that were not used during training with that of closely related state-of-the-art AT methods. This comparison demonstrates that our average robust accuracy against unseen attacks is 5.9% higher on the CIFAR-10 dataset, and 3.2% higher on the ImageNet-100 dataset, than that of the state-of-the-art methods. We also demonstrate that our attack is faster than other attack schemes designed for unseen-attack generalization, and conclude that it is feasible for large-scale datasets.
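The core idea of the attack is its Lagrangian objective: instead of maximizing the classification loss inside a fixed ℓ_p ball (as in PGD), the attack maximizes the loss minus a penalty on the perturbation norm. The PyTorch sketch below illustrates that objective under stated assumptions; the function name lagrange_attack, the multiplier lam, the step count, and the plain signed-gradient ascent update are illustrative choices, not the authors' exact implementation.

    import torch
    import torch.nn.functional as F

    def lagrange_attack(model, x, y, lam=1.0, p=2, steps=40, step_size=0.01):
        # Maximize CE(model(x + delta), y) - lam * ||delta||_p by gradient
        # ascent on delta; no fixed epsilon ball constrains the perturbation.
        # x is a batch of inputs assumed to lie in [0, 1]; y holds class labels.
        delta = torch.zeros_like(x, requires_grad=True)
        for _ in range(steps):
            loss = F.cross_entropy(model(x + delta), y)
            # Per-example ℓ_p norm of the perturbation, averaged over the batch.
            penalty = delta.flatten(1).norm(p=p, dim=1).mean()
            objective = loss - lam * penalty  # Lagrangian form of the attack
            objective.backward()
            with torch.no_grad():
                delta += step_size * delta.grad.sign()  # signed-gradient ascent step
                delta.grad.zero_()
                # Keep x + delta a valid input (assumes the [0, 1] range).
                delta.copy_((x + delta).clamp(0, 1) - x)
        return (x + delta).detach()

In the AT loop, the model would then be trained on batches of lagrange_attack(model, x, y) in place of fixed-budget PGD examples, letting the multiplier lam trade off attack strength against perturbation size.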
