Once-for-All Adversarial Training: In-Situ Tradeoff between Robustness and Accuracy for Free
- URL: http://arxiv.org/abs/2010.11828v2
- Date: Tue, 10 Nov 2020 08:18:58 GMT
- Title: Once-for-All Adversarial Training: In-Situ Tradeoff between Robustness and Accuracy for Free
- Authors: Haotao Wang, Tianlong Chen, Shupeng Gui, Ting-Kuei Hu, Ji Liu and Zhangyang Wang
- Abstract summary: Adversarial training and its many variants substantially improve deep network robustness, yet at the cost of compromising standard accuracy.
This paper asks how to quickly calibrate a trained model in-situ, to examine the achievable trade-offs between its standard and robust accuracies.
Our proposed approach, Once-for-all Adversarial Training (OAT), is built on an innovative model-conditional training framework.
- Score: 115.81899803240758
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Adversarial training and its many variants substantially improve deep network
robustness, yet at the cost of compromising standard accuracy. Moreover, the
training process is heavy and hence it becomes impractical to thoroughly
explore the trade-off between accuracy and robustness. This paper asks a new
question: how to quickly calibrate a trained model in-situ, to examine the
achievable trade-offs between its standard and robust accuracies, without
(re-)training it many times? Our proposed framework, Once-for-all Adversarial
Training (OAT), is built on an innovative model-conditional training framework,
with a controlling hyper-parameter as the input. The trained model can be
adjusted among different standard and robust accuracies "for free" at testing
time. As an important knob, we exploit dual batch normalization to separate
standard and adversarial feature statistics, so that they can be learned in one
model without degrading performance. We further extend OAT to a Once-for-all
Adversarial Training and Slimming (OATS) framework, that allows for the joint
trade-off among accuracy, robustness and runtime efficiency. Experiments show
that, without any re-training or ensembling, OAT/OATS achieve similar or even
superior performance compared to dedicatedly trained models at various
configurations. Our codes and pretrained models are available at:
https://github.com/VITA-Group/Once-for-All-Adversarial-Training.
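As a concrete illustration of the abstract's two ingredients, here is a minimal sketch of one model-conditional training step with dual batch normalization, in PyTorch. The attack callable, the sampling set for lambda, the conditioning interface `model(x, lam, adv=...)`, and the (1 - lambda)/lambda loss mixing are illustrative assumptions, not the authors' exact implementation.

```python
import random
import torch
import torch.nn as nn

class DualBN2d(nn.Module):
    """Two BN branches: one tracks clean statistics, one adversarial.

    The `adv` flag routes the batch to the matching branch, so clean and
    adversarial feature statistics are kept separate inside one model.
    """
    def __init__(self, channels):
        super().__init__()
        self.bn_clean = nn.BatchNorm2d(channels)
        self.bn_adv = nn.BatchNorm2d(channels)

    def forward(self, x, adv=False):
        return self.bn_adv(x) if adv else self.bn_clean(x)

def oat_training_step(model, attack, optimizer, x, y,
                      lambdas=(0.0, 0.2, 0.5, 0.8, 1.0)):
    """One OAT step: sample the trade-off knob lambda, condition the model
    on it, and mix clean and adversarial losses.

    `model(x, lam, adv=...)` is a hypothetical signature: lam is embedded
    and injected into the network (e.g. feature-wise modulation), and `adv`
    selects the BN branch as in DualBN2d above.
    """
    lam = random.choice(lambdas)      # sampled trade-off hyper-parameter
    x_adv = attack(model, x, y, lam)  # e.g. PGD against the lam-conditioned model
    criterion = nn.CrossEntropyLoss()

    loss_clean = criterion(model(x, lam, adv=False), y)
    loss_adv = criterion(model(x_adv, lam, adv=True), y)
    loss = (1 - lam) * loss_clean + lam * loss_adv  # lam=0: standard; lam=1: adversarial

    optimizer.zero_grad()
    loss.backward()
    optimizer.step()
    return loss.item()
```

At test time, the same weights are queried with different lambda values to slide along the accuracy-robustness curve without retraining; OATS would add a width-multiplier input in the same spirit to also trade off runtime efficiency.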
Related papers
- An Emulator for Fine-Tuning Large Language Models using Small Language Models [91.02498576056057]
We introduce emulated fine-tuning (EFT), a principled and practical method for sampling from a distribution that approximates the result of pre-training and fine-tuning at different scales.
We show that EFT enables test-time adjustment of competing behavioral traits like helpfulness and harmlessness without additional training.
Finally, a special case of emulated fine-tuning, which we call LM up-scaling, avoids resource-intensive fine-tuning of large pre-trained models by ensembling them with small fine-tuned models.
arXiv Detail & Related papers (2023-10-19T17:57:16Z)
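As a sketch of the scale-decoupling idea in the entry above: EFT combines a large base model with a small base/fine-tuned pair at the logit level, emulating fine-tuning of the large model without training it. This is a hedged reconstruction; the `beta` knob for dialing behavioral traits and the shared-tokenizer requirement are assumptions.

```python
import torch

@torch.no_grad()
def eft_logits(large_base_logits: torch.Tensor,
               small_base_logits: torch.Tensor,
               small_ft_logits: torch.Tensor,
               beta: float = 1.0) -> torch.Tensor:
    """Emulated fine-tuning / LM up-scaling at the logit level.

    The small fine-tuned/base logit difference approximates what
    fine-tuning "adds"; beta scales how strongly it is applied.
    """
    return large_base_logits + beta * (small_ft_logits - small_base_logits)

# Usage sketch: next-token sampling from the emulated distribution.
# The three logit tensors would come from forward passes over the same
# context by models sharing a tokenizer (an assumption here).
# probs = torch.softmax(eft_logits(lb, sb, sf), dim=-1)
```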
- TWINS: A Fine-Tuning Framework for Improved Transferability of Adversarial Robustness and Generalization [89.54947228958494]
This paper focuses on the fine-tuning of an adversarially pre-trained model in various classification tasks.
We propose a novel statistics-based approach, the Two-WIng NormliSation (TWINS) fine-tuning framework.
TWINS is shown to be effective on a wide range of image classification datasets in terms of both generalization and robustness.
arXiv Detail & Related papers (2023-03-20T14:12:55Z)
- Constant Random Perturbations Provide Adversarial Robustness with Minimal Effect on Accuracy [41.84118016227271]
This paper proposes an attack-independent (non-adversarial training) technique for improving adversarial robustness of neural network models.
We suggest creating a neighborhood around each training example, such that the label is kept constant for all inputs within that neighborhood.
Results suggest that the proposed approach improves standard accuracy over other defenses while having increased robustness compared to vanilla adversarial training.
arXiv Detail & Related papers (2021-03-15T10:44:59Z)
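A minimal sketch of the neighborhood construction described in the entry above: each training example is replicated with random perturbations that keep its label constant, so the network learns a locally constant decision over that neighborhood. The uniform eps-ball and resampling the noise on every call are simplifying assumptions; the paper's title suggests the perturbations are in fact held constant per example.

```python
import torch

def constant_neighborhood_batch(x, y, k=4, eps=8 / 255):
    """Replicate each example k times with random perturbations while
    keeping its label fixed, approximating a label-constant neighborhood.

    x: (B, C, H, W) images in [0, 1]; y: (B,) labels.
    Returns a (k*B, C, H, W) batch and matching (k*B,) labels.
    """
    noise = torch.empty(k, *x.shape, device=x.device).uniform_(-eps, eps)
    x_nbhd = (x.unsqueeze(0) + noise).clamp(0, 1).flatten(0, 1)
    y_nbhd = y.repeat(k)  # same label for every point in the neighborhood
    return x_nbhd, y_nbhd
```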
- Self-Progressing Robust Training [146.8337017922058]
Current robust training methods such as adversarial training explicitly use an "attack" to generate adversarial examples.
We propose a new framework called SPROUT, self-progressing robust training.
Our results shed new light on scalable, effective and attack-independent robust training methods.
arXiv Detail & Related papers (2020-12-22T00:45:24Z)
- Robust Pre-Training by Adversarial Contrastive Learning [120.33706897927391]
Recent work has shown that, when integrated with adversarial training, self-supervised pre-training can lead to state-of-the-art robustness.
We improve robustness-aware self-supervised pre-training by learning representations consistent under both data augmentations and adversarial perturbations.
arXiv Detail & Related papers (2020-10-26T04:44:43Z)
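A minimal sketch of the consistency objective in the entry above: treat an adversarial perturbation as one more "view" of the image and align its representation with a standard augmentation via a simplified InfoNCE loss. The encoder/attack interfaces and the temperature are assumptions, not the paper's exact recipe.

```python
import torch
import torch.nn.functional as F

def info_nce(z1, z2, tau=0.5):
    """Simplified one-directional InfoNCE between two batches of
    embeddings; z1[i] and z2[i] are views of the same image (positives)."""
    z1, z2 = F.normalize(z1, dim=1), F.normalize(z2, dim=1)
    logits = z1 @ z2.t() / tau  # (B, B) cosine-similarity matrix
    labels = torch.arange(z1.size(0), device=z1.device)
    return F.cross_entropy(logits, labels)

def adversarial_contrastive_loss(encoder, attack, x_aug1, x_aug2, tau=0.5):
    """Consistency under both augmentations and adversarial perturbations:
    the attack maximizes the contrastive loss, training minimizes it."""
    x_adv = attack(encoder, x_aug1, x_aug2)  # adversarial view of x_aug1
    return (info_nce(encoder(x_aug1), encoder(x_aug2), tau)
            + info_nce(encoder(x_adv), encoder(x_aug2), tau))
```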
- A Novel DNN Training Framework via Data Sampling and Multi-Task Optimization [7.001799696806368]
We propose a novel framework to train DNN models.
It generates multiple pairs of training and validation sets from the gross training set via random splitting.
Among all trained models, it outputs the one with the best overall performance across the validation sets from all pairs.
arXiv Detail & Related papers (2020-07-02T10:58:57Z)
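A minimal sketch of that split-train-select loop: draw several random train/validation pairs from the gross training set, train one model per pair, and keep the model with the best mean score across all validation sets. `build_and_train` and `evaluate` are hypothetical callables standing in for the paper's trainer and metric.

```python
import random

def train_with_random_splits(dataset, build_and_train, evaluate,
                             n_pairs=5, val_frac=0.2):
    """`build_and_train(train_set) -> model` and
    `evaluate(model, val_set) -> float` are placeholder callables."""
    pairs, models = [], []
    for _ in range(n_pairs):
        idx = list(range(len(dataset)))
        random.shuffle(idx)  # random split of the gross training set
        cut = int(len(idx) * val_frac)
        val, train = idx[:cut], idx[cut:]
        pairs.append((train, val))
        models.append(build_and_train([dataset[i] for i in train]))

    # Score every model on every validation set; keep the best on average.
    def mean_score(model):
        return sum(evaluate(model, [dataset[i] for i in val])
                   for _, val in pairs) / n_pairs

    return max(models, key=mean_score)
```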
- Adversarial Robustness: From Self-Supervised Pre-Training to Fine-Tuning [134.15174177472807]
We introduce adversarial training into self-supervision to provide general-purpose robust pre-trained models for the first time.
We conduct extensive experiments to demonstrate that the proposed framework achieves large performance margins.
arXiv Detail & Related papers (2020-03-28T18:28:33Z)