TART: Boosting Clean Accuracy Through Tangent Direction Guided Adversarial Training

• URL: http://arxiv.org/abs/2408.14728v1
• Date: Tue, 27 Aug 2024 01:41:21 GMT
• Title: TART: Boosting Clean Accuracy Through Tangent Direction Guided Adversarial Training
• Authors: Bongsoo Yi, Rongjie Lai, Yao Li,
• Abstract summary: Adversarial training has been shown to be successful in enhancing the robustness of deep neural networks against adversarial attacks. However, this robustness is accompanied by a significant decline in accuracy on clean data. We propose a novel method, called Tangent Direction Guided Adversarial Training (TART), that leverages the tangent space of the data manifold to ameliorate the existing adversarial defense algorithms.
• Score: 7.931280949498884
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Adversarial training has been shown to be successful in enhancing the robustness of deep neural networks against adversarial attacks. However, this robustness is accompanied by a significant decline in accuracy on clean data. In this paper, we propose a novel method, called Tangent Direction Guided Adversarial Training (TART), that leverages the tangent space of the data manifold to ameliorate the existing adversarial defense algorithms. We argue that training with adversarial examples having large normal components significantly alters the decision boundary and hurts accuracy. TART mitigates this issue by estimating the tangent direction of adversarial examples and allocating an adaptive perturbation limit according to the norm of their tangential component. To the best of our knowledge, our paper is the first work to consider the concept of tangent space and direction in the context of adversarial defense. We validate the effectiveness of TART through extensive experiments on both simulated and benchmark datasets. The results demonstrate that TART consistently boosts clean accuracy while retaining a high level of robustness against adversarial attacks. Our findings suggest that incorporating the geometric properties of data can lead to more effective and efficient adversarial training methods.

Related papers

• Soften to Defend: Towards Adversarial Robustness via Self-Guided Label Refinement [5.865750284677784]
  Adversarial training (AT) is one of the most effective ways to obtain the robustness of deep neural networks against adversarial attacks. AT methods suffer from robust overfitting, i.e., a significant generalization gap between the training and testing curves. We propose a label refinement approach for AT, which self-refines a more accurate and informative label distribution from over-confident hard labels.
  arXiv  Detail & Related papers  (2024-03-14T04:48:31Z)
• DAD++: Improved Data-free Test Time Adversarial Defense [12.606555446261668]
  We propose a test time Data-free Adversarial Defense (DAD) containing detection and correction frameworks. We conduct a wide range of experiments and ablations on several datasets and network architectures to show the efficacy of our proposed approach. Our DAD++ gives an impressive performance against various adversarial attacks with a minimal drop in clean accuracy.
  arXiv  Detail & Related papers  (2023-09-10T20:39:53Z)
• Practical Edge Detection via Robust Collaborative Learning [11.176517889212015]
  Edge detection is a core component in a wide range of visionoriented tasks. To achieve the goal, two key issues should be concerned. How to mitigate deep edge models from inefficient pre-trained backbones. How to liberate the negative influence from noisy or even wrong labels in training data.
  arXiv  Detail & Related papers  (2023-08-27T12:12:27Z)
• Doubly Robust Instance-Reweighted Adversarial Training [107.40683655362285]
  We propose a novel doubly-robust instance reweighted adversarial framework. Our importance weights are obtained by optimizing the KL-divergence regularized loss function. Our proposed approach outperforms related state-of-the-art baseline methods in terms of average robust performance.
  arXiv  Detail & Related papers  (2023-08-01T06:16:18Z)
• Improving Adversarial Robustness to Sensitivity and Invariance Attacks with Deep Metric Learning [80.21709045433096]
  A standard method in adversarial robustness assumes a framework to defend against samples crafted by minimally perturbing a sample. We use metric learning to frame adversarial regularization as an optimal transport problem. Our preliminary results indicate that regularizing over invariant perturbations in our framework improves both invariant and sensitivity defense.
  arXiv  Detail & Related papers  (2022-11-04T13:54:02Z)
• Distributed Adversarial Training to Robustify Deep Neural Networks at Scale [100.19539096465101]
  Current deep neural networks (DNNs) are vulnerable to adversarial attacks, where adversarial perturbations to the inputs can change or manipulate classification. To defend against such attacks, an effective approach, known as adversarial training (AT), has been shown to mitigate robust training. We propose a large-batch adversarial training framework implemented over multiple machines.
  arXiv  Detail & Related papers  (2022-06-13T15:39:43Z)
• Evaluating Membership Inference Through Adversarial Robustness [6.983991370116041]
  We propose an enhanced methodology for membership inference attacks based on adversarial robustness. We evaluate our proposed method on three datasets: Fashion-MNIST, CIFAR-10, and CIFAR-100.
  arXiv  Detail & Related papers  (2022-05-14T06:48:47Z)
• Modelling Adversarial Noise for Adversarial Defense [96.56200586800219]
  adversarial defenses typically focus on exploiting adversarial examples to remove adversarial noise or train an adversarially robust target model. Motivated by that the relationship between adversarial data and natural data can help infer clean data from adversarial data to obtain the final correct prediction. We study to model adversarial noise to learn the transition relationship in the label space for using adversarial labels to improve adversarial accuracy.
  arXiv  Detail & Related papers  (2021-09-21T01:13:26Z)
• Geometry-aware Instance-reweighted Adversarial Training [78.70024866515756]
  In adversarial machine learning, there was a common belief that robustness and accuracy hurt each other. We propose geometry-aware instance-reweighted adversarial training, where the weights are based on how difficult it is to attack a natural data point. Experiments show that our proposal boosts the robustness of standard adversarial training.
  arXiv  Detail & Related papers  (2020-10-05T01:33:11Z)
• Adversarial Self-Supervised Contrastive Learning [62.17538130778111]
  Existing adversarial learning approaches mostly use class labels to generate adversarial samples that lead to incorrect predictions. We propose a novel adversarial attack for unlabeled data, which makes the model confuse the instance-level identities of the perturbed data samples. We present a self-supervised contrastive learning framework to adversarially train a robust neural network without labeled data.
  arXiv  Detail & Related papers  (2020-06-13T08:24:33Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.