Adaptive perturbation adversarial training: based on reinforcement learning

TL;DR

This paper introduces an adaptive adversarial training method using reinforcement learning to efficiently find marginal adversarial samples, improving model accuracy and robustness while reducing training costs.

Contribution

It proposes a reinforcement learning-based approach to identify marginal adversarial samples, enhancing adversarial training efficiency and effectiveness.

Findings

Improved model accuracy on normal samples.

Maintained robustness against adversarial attacks.

Reduced training time and computational costs.

Abstract

Adversarial training has become the primary method to defend against adversarial samples. However, it is hard to practically apply due to many shortcomings. One of the shortcomings of adversarial training is that it will reduce the recognition accuracy of normal samples. Adaptive perturbation adversarial training is proposed to alleviate this problem. It uses marginal adversarial samples that are close to the decision boundary but does not cross the decision boundary for adversarial training, which improves the accuracy of model recognition while maintaining the robustness of the model. However, searching for marginal adversarial samples brings additional computational costs. This paper proposes a method for finding marginal adversarial samples based on reinforcement learning, and combines it with the latest fast adversarial training technology, which effectively speeds up training process and reduces training costs.