A2: Efficient Automated Attacker for Boosting Adversarial Training
- URL: http://arxiv.org/abs/2210.03543v1
- Date: Fri, 7 Oct 2022 13:28:00 GMT
- Title: A2: Efficient Automated Attacker for Boosting Adversarial Training
- Authors: Zhuoer Xu, Guanghui Zhu, Changhua Meng, Shiwen Cui, Zhenzhe Ying,
Weiqiang Wang, Ming GU, Yihua Huang
- Abstract summary: We propose an efficient automated attacker called A2 to boost Adversarial Training (AT) robustness.
A2 generates stronger perturbations with low extra cost and reliably improves the robustness of various AT methods against different attacks.
- Score: 15.37987350655307
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Based on the significant improvement of model robustness by AT (Adversarial
Training), various variants have been proposed to further boost the
performance. Well-recognized methods have focused on different components of AT
(e.g., designing loss functions and leveraging additional unlabeled data). It
is generally accepted that stronger perturbations yield more robust models.
However, how to generate stronger perturbations efficiently remains an open question. In
this paper, we propose an efficient automated attacker called A2 to boost AT by
generating the optimal perturbations on-the-fly during training. A2 is a
parameterized automated attacker to search in the attacker space for the best
attacker against the defense model and examples. Extensive experiments across
different datasets demonstrate that A2 generates stronger perturbations with
low extra cost and reliably improves the robustness of various AT methods
against different attacks.
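As a rough sketch of the idea (a brute-force stand-in, not A2's learned, parameterized attacker), the snippet below searches a tiny hand-picked attacker space per batch and keeps whichever PGD configuration produces the highest loss; the pgd helper, the candidate list, and all hyperparameters are illustrative assumptions.

```python
import torch
import torch.nn.functional as F

def pgd(model, x, y, eps, alpha, steps):
    """Standard L-inf PGD; each (alpha, steps) pair is one point in the attacker space."""
    delta = torch.empty_like(x).uniform_(-eps, eps).requires_grad_(True)
    for _ in range(steps):
        loss = F.cross_entropy(model(x + delta), y)
        grad, = torch.autograd.grad(loss, delta)
        delta = (delta + alpha * grad.sign()).clamp(-eps, eps).detach().requires_grad_(True)
    return (x + delta).detach()

def strongest_attack(model, x, y, eps, candidates):
    """Brute-force the attacker space; keep the perturbation with the highest loss."""
    best_x, best_loss = x, float("-inf")
    for alpha, steps in candidates:
        x_adv = pgd(model, x, y, eps, alpha, steps)
        with torch.no_grad():
            loss = F.cross_entropy(model(x_adv), y).item()
        if loss > best_loss:
            best_x, best_loss = x_adv, loss
    return best_x

# Inside an AT loop (hypothetical candidate set):
# x_adv = strongest_attack(model, x, y, 8/255, [(1/255, 10), (2/255, 7)])
# F.cross_entropy(model(x_adv), y).backward(); optimizer.step()
```

A2's contribution is to replace this exhaustive loop with a learned attacker, which is where the claimed low extra cost comes from.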
Related papers
- Efficient Adversarial Training in LLMs with Continuous Attacks [99.5882845458567]
Large language models (LLMs) are vulnerable to adversarial attacks that can bypass their safety guardrails.
We propose a fast adversarial training algorithm (C-AdvUL) composed of two losses.
C-AdvIPO is an adversarial variant of IPO that does not require utility data for adversarially robust alignment.
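A minimal sketch of the continuous-attack idea: perturb the token embeddings with a few gradient-ascent steps inside an L2 ball instead of searching over discrete tokens. Here model_from_embeddings is an assumed stand-in for a forward pass that accepts embeddings, and the global-norm projection is a simplification (per-example norms would be the natural refinement).

```python
import torch
import torch.nn.functional as F

def continuous_attack(model_from_embeddings, embeds, labels, eps=0.5, alpha=0.1, steps=5):
    """A few gradient-ascent steps on the embeddings, projected back into an L2 ball."""
    delta = torch.zeros_like(embeds, requires_grad=True)
    for _ in range(steps):
        loss = F.cross_entropy(model_from_embeddings(embeds + delta), labels)
        grad, = torch.autograd.grad(loss, delta)
        with torch.no_grad():
            delta = delta + alpha * grad / (grad.norm() + 1e-12)
            # Global-norm projection for brevity; project per example in practice.
            delta = delta * min(1.0, eps / (delta.norm().item() + 1e-12))
        delta.requires_grad_(True)
    return (embeds + delta).detach()
```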
arXiv Detail & Related papers (2024-05-24T14:20:09Z)
- Learn from the Past: A Proxy Guided Adversarial Defense Framework with Self Distillation Regularization [53.04697800214848]
Adversarial Training (AT) is pivotal in fortifying the robustness of deep learning models.
AT methods, relying on direct iterative updates for the target model's defense, frequently encounter obstacles such as unstable training and catastrophic overfitting.
We present a general proxy-guided defense framework, LAST (Learn from the Past).
arXiv Detail & Related papers (2023-10-19T13:13:41Z)
- Towards Deep Learning Models Resistant to Transfer-based Adversarial Attacks via Data-centric Robust Learning [16.53553150596255]
Adversarial training (AT) is recognized as the strongest defense against white-box attacks.
We name this new defense paradigm Data-centric Robust Learning (DRL).
arXiv Detail & Related papers (2023-10-15T17:20:42Z)
- AROID: Improving Adversarial Robustness Through Online Instance-Wise Data Augmentation [6.625868719336385]
Adversarial training (AT) is an effective defense against adversarial examples.
Data augmentation (DA) was shown to be effective in mitigating robust overfitting if appropriately designed and optimized for AT.
This work proposes a new method to automatically learn online, instance-wise, DA policies to improve robust generalization for AT.
arXiv Detail & Related papers (2023-06-12T15:54:52Z)
- Analysis and Extensions of Adversarial Training for Video Classification [0.0]
We show that generating optimal attacks for video requires carefully tuning the attack parameters, especially the step size.
We propose three defenses against attacks with variable attack budgets.
Experiments on the UCF101 dataset demonstrate that the proposed methods improve adversarial robustness against multiple attack types.
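A toy version of that tuning step, reusing the pgd helper from the first sketch and sweeping step sizes at a fixed attack budget (the candidate grid is an assumption, not the paper's):

```python
import torch
import torch.nn.functional as F
# pgd() as defined in the earlier A2 sketch

def tune_step_size(model, clip, label, eps=4/255, steps=10):
    """Sweep PGD step sizes at a fixed (eps, steps) budget; return the strongest alpha."""
    losses = {}
    for alpha in (eps / 8, eps / 4, eps / 2, eps):  # hypothetical candidate grid
        x_adv = pgd(model, clip, label, eps, alpha, steps)
        with torch.no_grad():
            losses[alpha] = F.cross_entropy(model(x_adv), label).item()
    return max(losses, key=losses.get)
```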
arXiv Detail & Related papers (2022-06-16T06:49:01Z)
- LAS-AT: Adversarial Training with Learnable Attack Strategy [82.88724890186094]
"Learnable attack strategy", dubbed LAS-AT, learns to automatically produce attack strategies to improve the model robustness.
Our framework is composed of a target network that uses AEs for training to improve robustness and a strategy network that produces attack strategies to control the AE generation.
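A hedged sketch of that two-network structure (not LAS-AT's actual training rule): a small strategy network scores a hypothetical menu of attack configurations, and a REINFORCE-style signal could reward strategies that hurt the target model most.

```python
import torch
import torch.nn as nn

STRATEGIES = [(1/255, 10), (2/255, 7), (4/255, 5)]  # hypothetical (alpha, steps) menu

class StrategyNet(nn.Module):
    """Maps a batch to one categorical choice over attack configurations."""
    def __init__(self, in_dim):
        super().__init__()
        self.head = nn.Sequential(nn.Flatten(), nn.Linear(in_dim, len(STRATEGIES)))

    def forward(self, x):
        logits = self.head(x).mean(0)  # one shared strategy per batch, for brevity
        return torch.distributions.Categorical(logits=logits)

# Usage (with the pgd helper from the first sketch):
# dist = strategy_net(x); idx = dist.sample()
# alpha, steps = STRATEGIES[idx.item()]
# x_adv = pgd(target_model, x, y, 8/255, alpha, steps)
# reward = target model's robust loss on x_adv;
# (-dist.log_prob(idx) * reward).backward() then updates the strategy network
```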
arXiv Detail & Related papers (2022-03-13T10:21:26Z)
- Model-Agnostic Meta-Attack: Towards Reliable Evaluation of Adversarial Robustness [53.094682754683255]
We propose a Model-Agnostic Meta-Attack (MAMA) approach to discover stronger attack algorithms automatically.
Our method learns the optimizer in adversarial attacks parameterized by a recurrent neural network.
We develop a model-agnostic training algorithm to improve the generalization ability of the learned optimizer when attacking unseen defenses.
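As a sketch of a learned attack optimizer in that spirit (the coordinate-wise LSTM and all shapes are illustrative assumptions, not MAMA's exact parameterization):

```python
import torch
import torch.nn as nn
import torch.nn.functional as F

class LearnedAttacker(nn.Module):
    """An LSTM that maps the current input gradient to the next perturbation update."""
    def __init__(self, hidden=32):
        super().__init__()
        self.rnn = nn.LSTMCell(1, hidden)   # operates coordinate-wise on gradients
        self.out = nn.Linear(hidden, 1)

    def step(self, grad, state):
        g = grad.reshape(-1, 1)             # one coordinate per row
        h, c = self.rnn(g, state)
        return self.out(h).reshape(grad.shape), (h, c)

def attack(attacker, model, x, y, eps=8/255, steps=10):
    delta = torch.zeros_like(x, requires_grad=True)
    state = None
    for _ in range(steps):
        loss = F.cross_entropy(model(x + delta), y)
        grad, = torch.autograd.grad(loss, delta, create_graph=True)
        update, state = attacker.step(grad, state)
        delta = (delta + update).clamp(-eps, eps)  # stay inside the L-inf ball
    # Training the attacker maximizes this final loss through the kept graph.
    return x + delta
```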
arXiv Detail & Related papers (2021-10-13T13:54:24Z)
- Adaptive Feature Alignment for Adversarial Training [56.17654691470554]
CNNs are typically vulnerable to adversarial attacks, which pose a threat to security-sensitive applications.
We propose the adaptive feature alignment (AFA) to generate features of arbitrary attacking strengths.
Our method is trained to automatically align features of arbitrary attacking strength.
arXiv Detail & Related papers (2021-05-31T17:01:05Z)
- Lagrangian Objective Function Leads to Improved Unforeseen Attack Generalization in Adversarial Training [0.0]
Adversarial training (AT) has been shown to be effective at producing models that are robust to the attack used during training.
We propose a simple modification to AT that mitigates its weaker generalization to attacks unseen during training.
We show that our attack is faster than other attack schemes that are designed for unseen attack generalization.
arXiv Detail & Related papers (2021-03-29T07:23:46Z)
- Self-Progressing Robust Training [146.8337017922058]
Current robust training methods such as adversarial training explicitly use an "attack" to generate adversarial examples.
We propose a new framework called SPROUT, self-progressing robust training.
Our results shed new light on scalable, effective and attack-independent robust training methods.
arXiv Detail & Related papers (2020-12-22T00:45:24Z)