Learning to Generate Noise for Multi-Attack Robustness

TL;DR

This paper introduces a meta-learning framework with a Meta Noise Generator to produce optimal noise, enhancing model robustness against diverse adversarial attacks with minimal additional computational cost.

Contribution

It presents a novel meta-learning approach that explicitly learns to generate noise for improving robustness against multiple adversarial perturbations.

Findings

Outperforms baseline methods across various datasets and perturbations

Achieves robustness with marginal increase in training computational cost

Effectively defends against a wide range of adversarial attacks

Abstract

Adversarial learning has emerged as one of the successful techniques to circumvent the susceptibility of existing methods against adversarial perturbations. However, the majority of existing defense methods are tailored to defend against a single category of adversarial perturbation (e.g. $\ell_\infty$-attack). In safety-critical applications, this makes these methods extraneous as the attacker can adopt diverse adversaries to deceive the system. Moreover, training on multiple perturbations simultaneously significantly increases the computational overhead during training. To address these challenges, we propose a novel meta-learning framework that explicitly learns to generate noise to improve the model's robustness against multiple types of attacks. Its key component is Meta Noise Generator (MNG) that outputs optimal noise to stochastically perturb a given sample, such that it helps lower the error on diverse adversarial perturbations. By utilizing samples generated by MNG, we train a model by enforcing the label consistency across multiple perturbations. We validate the robustness of models trained by our scheme on various datasets and against a wide variety of perturbations, demonstrating that it significantly outperforms the baselines across multiple perturbations with a marginal computational cost.