ARDIR: Improving Robustness using Knowledge Distillation of Internal Representation

• URL: http://arxiv.org/abs/2211.00239v1
• Date: Tue, 1 Nov 2022 03:11:59 GMT
• Title: ARDIR: Improving Robustness using Knowledge Distillation of Internal Representation
• Authors: Tomokatsu Takahashi, Masanori Yamada, Yuuki Yamanaka, Tomoya Yamashita
• Abstract summary: We propose Adversarial Robust Distillation with Internal Representation(ARDIR) to utilize knowledge distillation even more effectively. ARDIR uses the internal representation of the teacher model as a label for adversarial training. We show that ARDIR outperforms previous methods in our experiments.
• Score: 2.0875529088206553
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Adversarial training is the most promising method for learning robust models against adversarial examples. A recent study has shown that knowledge distillation between the same architectures is effective in improving the performance of adversarial training. Exploiting knowledge distillation is a new approach to improve adversarial training and has attracted much attention. However, its performance is still insufficient. Therefore, we propose Adversarial Robust Distillation with Internal Representation~(ARDIR) to utilize knowledge distillation even more effectively. In addition to the output of the teacher model, ARDIR uses the internal representation of the teacher model as a label for adversarial training. This enables the student model to be trained with richer, more informative labels. As a result, ARDIR can learn more robust student models. We show that ARDIR outperforms previous methods in our experiments.

Related papers

• Student-friendly Knowledge Distillation [1.5469452301122173]
  We propose student-friendly knowledge distillation (SKD) to simplify teacher output into new knowledge representations. SKD contains a softening processing and a learning simplifier. The experimental results on the CIFAR-100 and ImageNet datasets show that our method achieves state-of-the-art performance.
  arXiv  Detail & Related papers  (2023-05-18T11:44:30Z)
• Learning the Wrong Lessons: Inserting Trojans During Knowledge Distillation [68.8204255655161]
  Trojan attacks have contemporaneously gained significant prominence, revealing fundamental vulnerabilities in deep learning models. We seek to exploit the unlabelled data knowledge distillation process to embed Trojans in a student model without introducing conspicuous behavior in the teacher. We devise a Trojan attack that effectively reduces student accuracy, does not alter teacher performance, and is efficiently constructible in practice.
  arXiv  Detail & Related papers  (2023-03-09T21:37:50Z)
• Improved Knowledge Distillation for Pre-trained Language Models via Knowledge Selection [35.515135913846386]
  We propose an actor-critic approach to selecting appropriate knowledge to transfer during the process of knowledge distillation. Experimental results on the GLUE datasets show that our method outperforms several strong knowledge distillation baselines significantly.
  arXiv  Detail & Related papers  (2023-02-01T13:40:19Z)
• Efficient Knowledge Distillation from Model Checkpoints [36.329429655242535]
  We show that a weak snapshot ensemble of several intermediate models from a same training trajectory can outperform a strong ensemble of independently trained and fully converged models. We propose an optimal intermediate teacher selection algorithm based on maximizing the total task-related mutual information.
  arXiv  Detail & Related papers  (2022-10-12T17:55:30Z)
• On the benefits of knowledge distillation for adversarial robustness [53.41196727255314]
  We show that knowledge distillation can be used directly to boost the performance of state-of-the-art models in adversarial robustness. We present Adversarial Knowledge Distillation (AKD), a new framework to improve a model's robust performance.
  arXiv  Detail & Related papers  (2022-03-14T15:02:13Z)
• Dynamic Rectification Knowledge Distillation [0.0]
  Dynamic Rectification Knowledge Distillation (DR-KD) is a knowledge distillation framework. DR-KD transforms the student into its own teacher, and if the self-teacher makes wrong predictions while distilling information, the error is rectified prior to the knowledge being distilled. Our proposed DR-KD performs remarkably well in the absence of a sophisticated cumbersome teacher model.
  arXiv  Detail & Related papers  (2022-01-27T04:38:01Z)
• Revisiting Adversarial Robustness Distillation: Robust Soft Labels Make Student Better [66.69777970159558]
  We propose a novel adversarial robustness distillation method called Robust Soft Label Adversarial Distillation (RSLAD) RSLAD fully exploits the robust soft labels produced by a robust (adversarially-trained) large teacher model to guide the student's learning. We empirically demonstrate the effectiveness of our RSLAD approach over existing adversarial training and distillation methods.
  arXiv  Detail & Related papers  (2021-08-18T04:32:35Z)
• Revisiting Knowledge Distillation: An Inheritance and Exploration Framework [153.73692961660964]
  Knowledge Distillation (KD) is a popular technique to transfer knowledge from a teacher model to a student model. We propose a novel inheritance and exploration knowledge distillation framework (IE-KD) Our IE-KD framework is generic and can be easily combined with existing distillation or mutual learning methods for training deep neural networks.
  arXiv  Detail & Related papers  (2021-07-01T02:20:56Z)
• Learning Student-Friendly Teacher Networks for Knowledge Distillation [50.11640959363315]
  We propose a novel knowledge distillation approach to facilitate the transfer of dark knowledge from a teacher to a student. Contrary to most of the existing methods that rely on effective training of student models given pretrained teachers, we aim to learn the teacher models that are friendly to students.
  arXiv  Detail & Related papers  (2021-02-12T07:00:17Z)
• Knowledge Distillation Meets Self-Supervision [109.6400639148393]
  Knowledge distillation involves extracting "dark knowledge" from a teacher network to guide the learning of a student network. We show that the seemingly different self-supervision task can serve as a simple yet powerful solution. By exploiting the similarity between those self-supervision signals as an auxiliary task, one can effectively transfer the hidden information from the teacher to the student.
  arXiv  Detail & Related papers  (2020-06-12T12:18:52Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.