Learning to Defend by Learning to Attack
Haoming Jiang, Zhehui Chen, Yuyang Shi, Bo Dai, and Tuo Zhao

TL;DR
This paper introduces a novel adversarial training approach using a learnable optimizer within a bilevel optimization framework, improving robustness and efficiency in neural network training.
Contribution
It proposes a learning-to-learn framework that replaces hand-designed inner optimization algorithms with a neural network-based optimizer for adversarial training.
Findings
Outperforms existing methods in accuracy on CIFAR datasets
Enhances computational efficiency of adversarial training
Extends to generative adversarial imitation learning
Abstract
Adversarial training provides a principled approach for training robust neural networks. From an optimization perspective, adversarial training is essentially solving a bilevel optimization problem. The leader problem is trying to learn a robust classifier, while the follower problem is trying to generate adversarial samples. Unfortunately, such a bilevel problem is difficult to solve due to its highly complicated structure. This work proposes a new adversarial training method based on a generic learning-to-learn (L2L) framework. Specifically, instead of applying existing hand-designed algorithms for the inner problem, we learn an optimizer, which is parametrized as a convolutional neural network. At the same time, a robust classifier is learned to defend against the adversarial attack generated by the learned optimizer. Experiments over CIFAR-10 and CIFAR-100 datasets demonstrate that L2L…
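The leader/follower training loop the abstract describes, as an added sketch that is not the authors' code: a toy logistic-regression classifier (leader) takes gradient-descent steps on adversarial samples while a learned attacker (follower) takes gradient-ascent steps on the same loss. Assumptions of this sketch: constructed 2-D data instead of CIFAR, a three-parameter tanh attacker standing in for the paper's convolutional optimizer, the input gradient as an attacker feature, the budget `EPS`, and all function names.

```python
import math, random

EPS = 0.3  # assumed L-infinity perturbation budget

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-max(-30.0, min(30.0, z))))

def make_data(n=200, seed=0):
    # Constructed toy data: two Gaussian blobs centred at (-1,-1) and (1,1).
    rng = random.Random(seed)
    labels = [rng.randint(0, 1) for _ in range(n)]
    return [([2*y - 1 + rng.gauss(0, 0.5), 2*y - 1 + rng.gauss(0, 0.5)], y) for y in labels]

def loss_grads(w, b, x, y):
    # Logistic loss plus its gradients w.r.t. the weights, the bias and the input.
    p = sigmoid(w[0]*x[0] + w[1]*x[1] + b)
    loss = -math.log(p) if y else -math.log(1.0 - p)
    err = p - y
    return loss, [err*x[0], err*x[1]], err, [err*w[0], err*w[1]]

def attack(phi, x, gx):
    # Learned attacker: tanh keeps every coordinate of delta inside [-EPS, EPS].
    return [EPS * math.tanh(phi[0]*gx[i] + phi[1]*x[i] + phi[2]) for i in range(2)]

def train(data, epochs=30, lr=0.1):
    w, b, phi = [0.0, 0.0], 0.0, [0.0, 0.0, 0.0]
    for _ in range(epochs):
        for x, y in data:
            gx = loss_grads(w, b, x, y)[3]          # gradient at the clean input
            d = attack(phi, x, gx)
            xa = [x[0] + d[0], x[1] + d[1]]
            _, gw, gb, gxa = loss_grads(w, b, xa, y)
            # Follower: gradient ascent on the attacker (gx treated as a fixed input).
            for i in range(2):
                s = gxa[i] * (EPS - d[i]*d[i]/EPS)  # dL/du_i, since d_i = EPS*tanh(u_i)
                phi = [phi[0] + lr*s*gx[i], phi[1] + lr*s*x[i], phi[2] + lr*s]
            # Leader: gradient descent on the classifier using the adversarial sample.
            w = [w[0] - lr*gw[0], w[1] - lr*gw[1]]
            b -= lr * gb
    return w, b, phi

def evaluate(w, b, phi, data):
    # Mean clean loss, mean loss under the learned attacker, largest |delta| seen.
    clean = adv = max_d = 0.0
    for x, y in data:
        d = attack(phi, x, loss_grads(w, b, x, y)[3])
        clean += loss_grads(w, b, x, y)[0]
        adv += loss_grads(w, b, [x[0] + d[0], x[1] + d[1]], y)[0]
        max_d = max(max_d, abs(d[0]), abs(d[1]))
    return clean / len(data), adv / len(data), max_d
```

Comparing the two losses returned by `evaluate` shows how much the learned attacker degrades the classifier it was trained against, which is the quantity the leader is minimizing.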
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Domain Adaptation and Few-Shot Learning · Anomaly Detection Techniques and Applications
