Simultaneous Adversarial Training - Learn from Others Mistakes

TL;DR

This paper introduces a novel adversarial training method where two neural networks learn from each other's adversarial examples, enhancing robustness against black-box attacks and improving performance through domain adaptation.

Contribution

The paper proposes a new adversarial training approach enabling networks to learn from each other's adversarial examples, addressing black-box attack vulnerabilities.

Findings

Improved resilience to black-box adversarial attacks.

Enhanced robustness through mutual adversarial learning.

Beneficial effects of domain adaptation in training.

Abstract

Adversarial examples are maliciously tweaked images that can easily fool machine learning techniques, such as neural networks, but they are normally not visually distinguishable for human beings. One of the main approaches to solve this problem is to retrain the networks using those adversarial examples, namely adversarial training. However, standard adversarial training might not actually change the decision boundaries but cause the problem of gradient masking, resulting in a weaker ability to generate adversarial examples. Therefore, it cannot alleviate the problem of black-box attacks, where adversarial examples generated from other networks can transfer to the targeted one. In order to reduce the problem of black-box attacks, we propose a novel method that allows two networks to learn from each others' adversarial examples and become resilient to black-box attacks. We also combine this method with a simple domain adaptation to further improve the performance.