Enhancing Adversarial Robustness for Deep Metric Learning
- URL: http://arxiv.org/abs/2203.01439v1
- Date: Wed, 2 Mar 2022 22:27:44 GMT
- Title: Enhancing Adversarial Robustness for Deep Metric Learning
- Authors: Mo Zhou, Vishal M. Patel
- Abstract summary: The adversarial robustness of deep metric learning models needs to be improved.
To avoid model collapse caused by excessively hard examples, existing defenses dismiss min-max adversarial training.
We propose Hardness Manipulation to efficiently perturb the training triplet until it reaches a specified level of hardness for adversarial training.
- Score: 77.75152218980605
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Owing to security implications of adversarial vulnerability, adversarial
robustness of deep metric learning models has to be improved. In order to avoid
model collapse due to excessively hard examples, the existing defenses dismiss
the min-max adversarial training, but instead learn from a weak adversary
inefficiently. Conversely, we propose Hardness Manipulation to efficiently
perturb the training triplet until it reaches a specified level of hardness for
adversarial training, according to a harder benign triplet or a pseudo-hardness
function.
It is flexible since regular training and min-max adversarial training are its
boundary cases. Besides, Gradual Adversary, a family of pseudo-hardness
functions, is proposed to gradually increase the specified hardness level
during training for a better balance between performance and robustness.
Additionally,
an Intra-Class Structure loss term among benign and adversarial examples
further improves model robustness and efficiency. Comprehensive experimental
results suggest that the proposed method, although simple in its form,
overwhelmingly outperforms the state-of-the-art defenses in terms of
robustness, training efficiency, as well as performance on benign examples.
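As a rough illustration of the hardness notion above, a triplet's hardness can be taken as the gap between the anchor-positive and anchor-negative distances, with Gradual Adversary as a schedule that raises the target hardness over training. The distance-based definition, the function names, and the linear schedule below are assumptions for illustration, not the paper's exact formulation.

```python
# Hypothetical sketch of triplet "hardness": H(a, p, n) = d(a, p) - d(a, n).
# Larger H means a harder triplet (negative closer to the anchor than positive).
import math

def dist(u, v):
    # Euclidean distance between two embedding vectors.
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(u, v)))

def hardness(anchor, positive, negative):
    # H > 0 means the negative sits closer to the anchor than the positive.
    return dist(anchor, positive) - dist(anchor, negative)

def gradual_target(step, total_steps, h_start=-1.0, h_end=0.0):
    # "Gradual Adversary"-style schedule (illustrative): the target hardness
    # rises linearly over training, trading early stability for late robustness.
    t = step / max(total_steps, 1)
    return h_start + t * (h_end - h_start)

a, p, n = [0.0, 0.0], [1.0, 0.0], [3.0, 0.0]
print(hardness(a, p, n))      # -2.0: an easy triplet
print(gradual_target(5, 10))  # -0.5: halfway up the schedule
```

Under this reading, keeping the benign triplet's own hardness corresponds to regular training, while pushing the target toward its maximum recovers min-max adversarial training, matching the boundary cases described above.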
Related papers
- Improving Adversarial Robustness with Self-Paced Hard-Class Pair Reweighting [5.084323778393556]
Adversarial training with untargeted attacks is one of the most recognized defense methods.
We find that the naturally imbalanced inter-class semantic similarity makes hard-class pairs become virtual targets of each other.
We propose to upweight hard-class pair loss in model optimization, which prompts learning discriminative features from hard classes.
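A minimal sketch of upweighting hard-class pair losses, assuming a softmax-style weighting over per-pair losses; the weighting form and names are illustrative, not the paper's exact method.

```python
# Softmax reweighting (assumed form): class pairs with higher loss, i.e. hard
# classes confusable with each other, receive larger weights in the objective.
import math

def reweight(pair_losses, temperature=1.0):
    # Normalized exponential weights: harder (higher-loss) pairs dominate.
    exps = [math.exp(l / temperature) for l in pair_losses]
    z = sum(exps)
    return [e / z for e in exps]

losses = [0.1, 0.1, 2.0]   # the third class pair is "hard"
w = reweight(losses)
print(max(w) == w[2])      # True: the hard pair gets the top weight
```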
arXiv Detail & Related papers (2022-10-26T22:51:36Z) - Strength-Adaptive Adversarial Training [103.28849734224235]
Adversarial training (AT) is proven to reliably improve a network's robustness against adversarial data.
Current AT with a pre-specified perturbation budget has limitations in learning a robust network.
We propose Strength-Adaptive Adversarial Training (SAAT) to overcome these limitations.
arXiv Detail & Related papers (2022-10-04T00:22:37Z) - Towards the Desirable Decision Boundary by Moderate-Margin Adversarial Training [8.904046529174867]
We propose a novel adversarial training scheme to achieve a better trade-off between robustness and natural accuracy.
Moderate-Margin Adversarial Training (MMAT) generates finer-grained adversarial examples to mitigate the cross-over problem.
On SVHN, for example, state-of-the-art robustness and natural accuracy are achieved.
arXiv Detail & Related papers (2022-07-16T00:57:23Z) - Enhancing Adversarial Training with Feature Separability [52.39305978984573]
We introduce the concept of an adversarial training graph (ATG), with which the proposed adversarial training with feature separability (ATFS) boosts intra-class feature similarity and increases inter-class feature variance.
Through comprehensive experiments, we demonstrate that the proposed ATFS framework significantly improves both clean and robust performance.
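One of the quantities ATFS targets, intra-class feature similarity, can be illustrated numerically; the cosine-similarity measure and the toy features below are assumptions for illustration.

```python
# Mean pairwise cosine similarity within one class: a tight feature cluster
# scores higher than a spread-out one (the quantity ATFS aims to raise).
import math

def cos(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv)

def intra_class_similarity(feats):
    # Average cosine similarity over all distinct pairs within a class.
    pairs = [(i, j) for i in range(len(feats)) for j in range(i + 1, len(feats))]
    return sum(cos(feats[i], feats[j]) for i, j in pairs) / len(pairs)

tight = [[1.0, 0.0], [0.9, 0.1], [1.0, 0.1]]     # clustered class features
spread = [[1.0, 0.0], [0.0, 1.0], [-1.0, 0.0]]   # scattered class features
print(intra_class_similarity(tight) > intra_class_similarity(spread))  # True
```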
arXiv Detail & Related papers (2022-05-02T04:04:23Z) - Adversarial Fine-tune with Dynamically Regulated Adversary [27.034257769448914]
In many real-world applications, such as health diagnosis and autonomous surgical robotics, standard performance is valued more than robustness against such extremely malicious attacks.
This work proposes a simple yet effective transfer learning-based adversarial training strategy that disentangles the negative effects of adversarial samples on model's standard performance.
In addition, we introduce a training-friendly adversarial attack algorithm, which facilitates the boost of adversarial robustness without introducing significant training complexity.
arXiv Detail & Related papers (2022-04-28T00:07:15Z) - On the Convergence and Robustness of Adversarial Training [134.25999006326916]
Adversarial training with Projected Gradient Descent (PGD) is among the most effective.
We propose a dynamic training strategy to increase the convergence quality of the generated adversarial examples.
Our theoretical and empirical results show the effectiveness of the proposed method.
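A minimal PGD sketch on a one-dimensional toy loss; the step size, epsilon, and quadratic loss are illustrative, not this paper's setup.

```python
# PGD in one dimension: repeatedly step in the sign of the loss gradient
# (ascending the loss), then project back into an L-infinity ball around x0.
def pgd(x0, grad, eps=0.3, alpha=0.1, steps=10):
    x = x0
    for _ in range(steps):
        x = x + alpha * (1 if grad(x) > 0 else -1)  # signed gradient ascent
        x = max(x0 - eps, min(x0 + eps, x))         # project into the ball
    return x

# Toy loss L(x) = (x - 1)^2 around a clean input x0 = 0; gradient is 2(x - 1).
adv = pgd(0.0, lambda x: 2 * (x - 1))
print(adv)  # -0.3: clipped to the boundary of the eps ball
```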
arXiv Detail & Related papers (2021-12-15T17:54:08Z) - Robust Pre-Training by Adversarial Contrastive Learning [120.33706897927391]
Recent work has shown that, when integrated with adversarial training, self-supervised pre-training can lead to state-of-the-art robustness.
We improve robustness-aware self-supervised pre-training by learning representations consistent under both data augmentations and adversarial perturbations.
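A consistency objective of this kind might be sketched as follows; the squared-distance form and the names are assumptions, not the paper's exact loss.

```python
# Penalize disagreement between representations of an augmented view and an
# adversarially perturbed view of the same input (assumed squared-L2 form).
def consistency_loss(feat_aug, feat_adv):
    return sum((a - b) ** 2 for a, b in zip(feat_aug, feat_adv))

print(consistency_loss([1.0, 0.0], [1.0, 0.0]))  # 0.0: views already agree
print(consistency_loss([1.0, 0.0], [0.0, 1.0]))  # 2.0: views disagree
```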
arXiv Detail & Related papers (2020-10-26T04:44:43Z) - Towards Understanding Fast Adversarial Training [91.8060431517248]
We conduct experiments to understand the behavior of fast adversarial training.
We show the key to its success is the ability to recover from overfitting to weak attacks.
arXiv Detail & Related papers (2020-06-04T18:19:43Z) - Improving the affordability of robustness training for DNNs [11.971637253035107]
We show that the initial phase of adversarial training is redundant and can be replaced with natural training which significantly improves the computational efficiency.
We show that our proposed method can reduce the training time by a factor of up to 2.5 with comparable or better model test accuracy and generalization on various strengths of adversarial attacks.
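The delayed schedule can be sketched as follows; the 40% switch point is an illustrative assumption, not the paper's reported value.

```python
# Cheap natural training for an initial fraction of epochs, then switch to
# full adversarial training for the remainder (switch point assumed).
def phase(epoch, total_epochs, natural_fraction=0.4):
    return "natural" if epoch < natural_fraction * total_epochs else "adversarial"

schedule = [phase(e, 10) for e in range(10)]
print(schedule.count("natural"))  # 4: four of ten epochs skip the attack
```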
arXiv Detail & Related papers (2020-02-11T07:29:45Z)
This list is automatically generated from the titles and abstracts of the papers in this site.