# Scaleable input gradient regularization for adversarial robustness

**Authors:** Chris Finlay, Adam M Oberman

arXiv: 1905.11468 · 2019-10-07

## TL;DR

This paper introduces a scalable input gradient regularization method for adversarial robustness, providing theoretical bounds and demonstrating competitive performance with adversarial training on large datasets.

## Contribution

It presents a new scalable gradient regularization technique that avoids double backpropagation and offers theoretical robustness bounds, improving adversarial defenses.

## Key findings

- Achieves adversarial robustness on ImageNet in 33 hours using four GPUs.
- Provides theoretical bounds based on local gradient information.
- Shows gradient regularization is competitive with adversarial training without masking issues.

## Abstract

In this work we revisit gradient regularization for adversarial robustness with some new ingredients. First, we derive new per-image theoretical robustness bounds based on local gradient information. These bounds strongly motivate input gradient regularization. Second, we implement a scaleable version of input gradient regularization which avoids double backpropagation: adversarially robust ImageNet models are trained in 33 hours on four consumer grade GPUs. Finally, we show experimentally and through theoretical certification that input gradient regularization is competitive with adversarial training. Moreover we demonstrate that gradient regularization does not lead to gradient obfuscation or gradient masking.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.11468/full.md

## Figures

6 figures with captions in the complete paper: https://tomesphere.com/paper/1905.11468/full.md

## References

57 references — full list in the complete paper: https://tomesphere.com/paper/1905.11468/full.md

---
Source: https://tomesphere.com/paper/1905.11468