Robust Learning with Frequency Domain Regularization

TL;DR

This paper proposes a novel frequency domain regularization method for CNNs that enhances robustness against adversarial attacks and improves generalization across various tasks by constraining the spectral properties of model filters.

Contribution

The paper introduces a new regularization technique that considers valid frequency ranges across layers and trains them end-to-end, improving robustness and transferability.

Findings

Enhanced defense against adversarial perturbations

Reduced generalization gap across architectures

Improved transfer learning performance without fine-tuning

Abstract

Convolution neural networks have achieved remarkable performance in many tasks of computing vision. However, CNN tends to bias to low frequency components. They prioritize capturing low frequency patterns which lead them fail when suffering from application scenario transformation. While adversarial example implies the model is very sensitive to high frequency perturbations. In this paper, we introduce a new regularization method by constraining the frequency spectra of the filter of the model. Different from band-limit training, our method considers the valid frequency range probably entangles in different layers rather than continuous and trains the valid frequency range end-to-end by backpropagation. We demonstrate the effectiveness of our regularization by (1) defensing to adversarial perturbations; (2) reducing the generalization gap in different architecture; (3) improving the generalization ability in transfer learning scenario without fine-tune.