Improving Global Adversarial Robustness Generalization With Adversarially Trained GAN

TL;DR

This paper introduces ATGAN, a novel adversarial training method that integrates GANs to enhance the robustness of CNNs against adversarial attacks, avoiding gradient obfuscation and improving generalization across multiple datasets.

Contribution

The paper proposes ATGAN, combining adversarial training with GANs and data augmentation to improve adversarial robustness without gradient obfuscation.

Findings

ATGAN outperforms existing adversarially trained CNNs in robustness.

It effectively removes obfuscated gradients.

Demonstrates improved generalization on MNIST, SVHN, and CIFAR-10.

Abstract

Convolutional neural networks (CNNs) have achieved beyond human-level accuracy in the image classification task and are widely deployed in real-world environments. However, CNNs show vulnerability to adversarial perturbations that are well-designed noises aiming to mislead the classification models. In order to defend against the adversarial perturbations, adversarially trained GAN (ATGAN) is proposed to improve the adversarial robustness generalization of the state-of-the-art CNNs trained by adversarial training. ATGAN incorporates adversarial training into standard GAN training procedure to remove obfuscated gradients which can lead to a false sense in defending against the adversarial perturbations and are commonly observed in existing GANs-based adversarial defense methods. Moreover, ATGAN adopts the image-to-image generator as data augmentation to increase the sample complexity needed for adversarial robustness generalization in adversarial training. Experimental results in MNIST SVHN and CIFAR-10 datasets show that the proposed method doesn't rely on obfuscated gradients and achieves better global adversarial robustness generalization performance than the adversarially trained state-of-the-art CNNs.