Automated Robustness with Adversarial Training as a Post-Processing Step

TL;DR

This paper proposes a fully automated pipeline that applies adversarial training as a post-processing step to enhance the robustness of neural network architectures found via neural architecture search, demonstrated across multiple image and text classification tasks.

Contribution

It introduces a novel automated approach that combines neural architecture search with post-processing adversarial training to improve model robustness.

Findings

Effective robustness improvement across diverse tasks

Automated pipeline reduces manual tuning effort

Consistent performance gains in experiments

Abstract

Adversarial training is a computationally expensive task and hence searching for neural network architectures with robustness as the criterion can be challenging. As a step towards practical automation, this work explores the efficacy of a simple post processing step in yielding robust deep learning model. To achieve this, we adopt adversarial training as a post-processing step for optimised network architectures obtained from a neural architecture search algorithm. Specific policies are adopted for tuning the hyperparameters of the different steps, resulting in a fully automated pipeline for generating adversarially robust deep learning models. We evidence the usefulness of the proposed pipeline with extensive experimentation across 11 image classification and 9 text classification tasks.