Blind Adversarial Training: Balance Accuracy and Robustness
- URL: http://arxiv.org/abs/2004.05914v1
- Date: Fri, 10 Apr 2020 02:16:01 GMT
- Title: Blind Adversarial Training: Balance Accuracy and Robustness
- Authors: Haidong Xie, Xueshuang Xiang, Naijin Liu, Bin Dong
- Abstract summary: Adversarial training (AT) aims to improve the robustness of deep learning models by mixing clean data and adversarial examples (AEs).
This paper proposes a novel AT approach named blind adversarial training (BAT) to better balance the accuracy and robustness.
- Score: 9.224557511013584
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Adversarial training (AT) aims to improve the robustness of deep learning
models by mixing clean data and adversarial examples (AEs). Most existing AT
approaches can be grouped into restricted and unrestricted approaches.
Restricted AT requires a prescribed uniform budget to constrain the magnitude
of the AE perturbations during training, with the obtained results showing high
sensitivity to the budget. On the other hand, unrestricted AT uses
unconstrained AEs, resulting in the use of AEs located beyond the decision
boundary; these overestimated AEs significantly lower the accuracy on clean
data. These limitations mean that the existing AT approaches have difficulty in
obtaining a comprehensively robust model with high accuracy and robustness when
confronting attacks with varying strengths. Considering this problem, this
paper proposes a novel AT approach named blind adversarial training (BAT) to
better balance the accuracy and robustness. The main idea of this approach is
to use a cutoff-scale strategy to adaptively estimate a nonuniform budget to
modify the AEs used in the training, ensuring that the strengths of the AEs are
dynamically located in a reasonable range and ultimately improving the overall
robustness of the AT model. The experimental results obtained using BAT for
training classification models on several benchmarks demonstrate the
competitive performance of this method.
Related papers
- Towards Robust Federated Learning via Logits Calibration on Non-IID Data [49.286558007937856]
Federated learning (FL) is a privacy-preserving distributed management framework based on collaborative model training of distributed devices in edge networks.
Recent studies have shown that FL is vulnerable to adversarial examples, leading to a significant drop in its performance.
In this work, we adopt the adversarial training (AT) framework to improve the robustness of FL models against adversarial example (AE) attacks.
arXiv Detail & Related papers (2024-03-05T09:18:29Z)
- Adversarial Feature Alignment: Balancing Robustness and Accuracy in Deep Learning via Adversarial Training [10.099179580467737]
Adversarial training is used to mitigate this problem by increasing robustness against adversarial attacks.
This approach typically reduces a model's standard accuracy on clean, non-adversarial samples.
This paper proposes a novel adversarial training method called Adversarial Feature Alignment (AFA) to address these problems.
arXiv Detail & Related papers (2024-02-19T14:51:20Z)
- Learn from the Past: A Proxy Guided Adversarial Defense Framework with Self Distillation Regularization [53.04697800214848]
Adversarial Training (AT) is pivotal in fortifying the robustness of deep learning models.
AT methods, relying on direct iterative updates for target model's defense, frequently encounter obstacles such as unstable training and catastrophic overfitting.
We present a general proxy guided defense framework, LAST (Learn from the Past).
arXiv Detail & Related papers (2023-10-19T13:13:41Z)
- Reducing Adversarial Training Cost with Gradient Approximation [0.3916094706589679]
We propose a new and efficient adversarial training method, adversarial training with gradient approximation (GAAT) to reduce the cost of building up robust models.
Our proposed method saves up to 60% of the training time with comparable model test accuracy on datasets.
arXiv Detail & Related papers (2023-09-18T03:55:41Z)
- Hard Adversarial Example Mining for Improving Robust Fairness [18.02943802341582]
Adversarial training (AT) is widely considered the state-of-the-art technique for improving the robustness of deep neural networks (DNNs) against adversarial examples (AE).
Recent studies have revealed that adversarially trained models are prone to unfairness problems, restricting their applicability.
To alleviate this problem, we propose HAM, a straightforward yet effective framework via adaptive Hard Adversarial example Mining.
arXiv Detail & Related papers (2023-08-03T15:33:24Z)
- Strength-Adaptive Adversarial Training [103.28849734224235]
Adversarial training (AT) is proven to reliably improve network's robustness against adversarial data.
Current AT with a pre-specified perturbation budget has limitations in learning a robust network.
We propose Strength-Adaptive Adversarial Training (SAAT) to overcome these limitations.
arXiv Detail & Related papers (2022-10-04T00:22:37Z)
- Robust Pre-Training by Adversarial Contrastive Learning [120.33706897927391]
Recent work has shown that, when integrated with adversarial training, self-supervised pre-training can lead to state-of-the-art robustness.
We improve robustness-aware self-supervised pre-training by learning representations consistent under both data augmentations and adversarial perturbations.
arXiv Detail & Related papers (2020-10-26T04:44:43Z)
- Blind Adversarial Pruning: Balance Accuracy, Efficiency and Robustness [3.039568795810294]
This paper first investigates the robustness of pruned models with different compression ratios under the gradual pruning process.
We then test the performance of mixing the clean data and adversarial examples into the gradual pruning process, called adversarial pruning.
To better balance the AER, we propose an approach called blind adversarial pruning (BAP), which introduces the idea of blind adversarial training into the gradual pruning process.
arXiv Detail & Related papers (2020-04-10T02:27:48Z)
- Boosting Adversarial Training with Hypersphere Embedding [53.75693100495097]
Adversarial training is one of the most effective defenses against adversarial attacks for deep learning models.
In this work, we advocate incorporating the hypersphere embedding mechanism into the AT procedure.
We validate our methods under a wide range of adversarial attacks on the CIFAR-10 and ImageNet datasets.
arXiv Detail & Related papers (2020-02-20T08:42:29Z)
- Adversarial Distributional Training for Robust Deep Learning [53.300984501078126]
Adversarial training (AT) is among the most effective techniques to improve model robustness by augmenting training data with adversarial examples.
Most existing AT methods adopt a specific attack to craft adversarial examples, leading to the unreliable robustness against other unseen attacks.
In this paper, we introduce adversarial distributional training (ADT), a novel framework for learning robust models.
arXiv Detail & Related papers (2020-02-14T12:36:59Z)