Regional Adversarial Training for Better Robust Generalization

09/02/2021
by   Chuanbiao Song, et al.

Adversarial training (AT) has been demonstrated to be one of the most promising defense methods against various adversarial attacks. To our knowledge, existing AT-based methods usually train with the locally most adversarial perturbed points and treat all the perturbed points equally, which may lead to considerably weaker adversarial robust generalization on test data. In this work, we introduce a new adversarial training framework that considers the diversity as well as the characteristics of the perturbed points in the vicinity of benign samples. To realize the framework, we propose a Regional Adversarial Training (RAT) defense method that first utilizes the attack path generated by the typical iterative attack method of projected gradient descent (PGD), and constructs an adversarial region based on the attack path. Then, RAT samples diverse perturbed training points efficiently inside this region, and utilizes a distance-aware label smoothing mechanism to capture our intuition that perturbed points at different locations should have different impacts on the model performance. Extensive experiments on several benchmark datasets show that RAT consistently makes significant improvements over standard adversarial training (SAT), and exhibits better robust generalization.
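The three stages named in the abstract (PGD attack path, region sampling, distance-aware label smoothing), sketched on a toy logistic model as an added example that is not the authors' code. The abstract does not specify the region or the smoothing rule, so the convex hull of the PGD iterates and the linear smoothing schedule used here are assumptions, as are all function names and parameter values.

```python
import math, random

def grad_x(w, b, x, y):
    """Gradient of the logistic loss w.r.t. the input x, for label y in {0, 1}."""
    z = sum(wi * xi for wi, xi in zip(w, x)) + b
    p = 1.0 / (1.0 + math.exp(-z))
    return [(p - y) * wi for wi in w]

def pgd_path(w, b, x, y, eps, alpha, steps):
    """L-inf PGD; returns every iterate (the attack path), starting at benign x."""
    path, cur = [list(x)], list(x)
    for _ in range(steps):
        g = grad_x(w, b, cur, y)
        # Signed-gradient ascent step on the loss.
        cur = [c + alpha * ((gi > 0) - (gi < 0)) for c, gi in zip(cur, g)]
        # Project back into the eps-ball around x.
        cur = [min(max(c, xi - eps), xi + eps) for c, xi in zip(cur, x)]
        path.append(cur)
    return path

def sample_region(path, rng):
    """ASSUMPTION: the region is the convex hull of the path points.
    Sampling uses random convex weights over the iterates."""
    ws = [rng.random() for _ in path]
    total = sum(ws)
    dim = len(path[0])
    return [sum(wt / total * p[i] for wt, p in zip(ws, path)) for i in range(dim)]

def smoothed_label(x, x_pert, y, eps, n_classes, max_smooth):
    """ASSUMPTION: smoothing grows linearly with L-inf distance from benign x,
    so points nearer the benign sample keep a harder label."""
    d = max(abs(a - c) for a, c in zip(x_pert, x))
    s = max_smooth * min(d / eps, 1.0)
    return [(1 - s) if k == y else s / (n_classes - 1) for k in range(n_classes)]

def make_batch(w, b, x, y, eps=0.3, alpha=0.1, steps=5, n=4, seed=0):
    """Perturbed training points with soft labels for one benign sample."""
    rng = random.Random(seed)
    path = pgd_path(w, b, x, y, eps, alpha, steps)
    pts = [sample_region(path, rng) for _ in range(n)]
    return [(p, smoothed_label(x, p, y, eps, 2, 0.2)) for p in pts]

if __name__ == "__main__":
    # Constructed toy model and benign sample.
    for point, label in make_batch([1.0, -2.0], 0.0, [0.5, 0.5], 1):
        print(point, label)
```

Standard adversarial training would train only on the final PGD iterate with a hard label; here every sampled point stays inside the eps-ball and carries a label whose softness depends on its distance from the benign sample.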
