Regional Adversarial Training for Better Robust Generalization
Chuanbiao Song, Yanbo Fan, Yichen Yang, Baoyuan Wu, Yiming Li, Zhifeng Li, Kun He

TL;DR
This paper introduces Regional Adversarial Training (RAT), a novel method that enhances adversarial robustness by considering the diversity and characteristics of perturbed points within attack regions, leading to better generalization.
Contribution
The paper proposes a new adversarial training framework that constructs adversarial regions and samples diverse points with a distance-aware label smoothing mechanism, improving robustness over traditional methods.
Findings
RAT significantly outperforms standard adversarial training on benchmark datasets.
RAT achieves better robust generalization and defense against adversarial attacks.
Extensive experiments validate the effectiveness of the proposed method.
Abstract
Adversarial training (AT) has been demonstrated as one of the most promising defense methods against various adversarial attacks. To our knowledge, existing AT-based methods usually train with the locally most adversarial perturbed points and treat all the perturbed points equally, which may lead to considerably weaker adversarial robust generalization on test data. In this work, we introduce a new adversarial training framework that considers the diversity as well as characteristics of the perturbed points in the vicinity of benign samples. To realize the framework, we propose a Regional Adversarial Training (RAT) defense method that first utilizes the attack path generated by the typical iterative attack method of projected gradient descent (PGD), and constructs an adversarial region based on the attack path. Then, RAT samples diverse perturbed training points efficiently inside this…
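An added illustration of the idea outlined in the abstract, not code from the paper or its authors: a PGD attack path on a constructed 3-class linear softmax model, points sampled on the segments between consecutive path iterates, and a soft label whose smoothing grows with L-infinity distance from the benign sample. The model weights, the hyperparameters, the segment-based region and the linear smoothing rule are all assumptions; the abstract as shown here does not give RAT's actual region construction or smoothing formula.

```python
import math, random

# Constructed 3-class linear model and hypothetical hyperparameters (assumptions).
W = [[1.0, -0.5], [-1.0, 0.8], [0.2, 0.3]]
EPS, ALPHA, STEPS, MAX_SMOOTH = 0.3, 0.1, 3, 0.2

def probs(x):
    """Softmax class probabilities for logits = W x."""
    z = [sum(w * xi for w, xi in zip(row, x)) for row in W]
    e = [math.exp(v - max(z)) for v in z]
    return [v / sum(e) for v in e]

def input_grad(x, y):
    """Gradient of the cross-entropy loss with respect to the input x."""
    p = probs(x)
    return [sum((p[k] - (k == y)) * W[k][j] for k in range(len(W)))
            for j in range(len(x))]

def pgd_path(x, y):
    """L-inf PGD from the benign point; returns every iterate (the attack path)."""
    path, cur = [list(x)], list(x)
    for _ in range(STEPS):
        g = input_grad(cur, y)
        step = [c + ALPHA * ((gj > 0) - (gj < 0)) for c, gj in zip(cur, g)]
        # Project back into the eps-ball around the benign sample.
        cur = [min(max(s, xi - EPS), xi + EPS) for s, xi in zip(step, x)]
        path.append(cur)
    return path

def sample_region(x, y, n, rng):
    """Sample n points on segments between consecutive path iterates (assumed
    region), each with a soft label smoothed in proportion to its L-inf
    distance from x (assumed rule). Returns (point, soft_label, distance)."""
    path, K, out = pgd_path(x, y), len(W), []
    for _ in range(n):
        i, t = rng.randrange(STEPS), rng.random()
        pt = [a + t * (b - a) for a, b in zip(path[i], path[i + 1])]
        dist = max(abs(p - xi) for p, xi in zip(pt, x))
        s = MAX_SMOOTH * min(dist / EPS, 1.0)
        label = [1 - s if k == y else s / (K - 1) for k in range(K)]
        out.append((pt, label, dist))
    return out

if __name__ == "__main__":
    for pt, label, dist in sample_region([0.5, 0.2], 0, 5, random.Random(0)):
        print([round(v, 3) for v in pt], [round(v, 3) for v in label], round(dist, 3))
```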
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Bacillus and Francisella bacterial research
Methods: Label Smoothing
