Robustness and Generalization via Generative Adversarial Training

TL;DR

This paper introduces Generative Adversarial Training, a method that enhances neural network robustness and generalization across different tasks by training on diverse, generated input variations, outperforming previous defenses.

Contribution

The paper proposes a novel generative adversarial training approach that improves robustness and generalization to unseen attacks and out-of-domain data across multiple computer vision tasks.

Findings

Improves model performance on clean and out-of-domain images.

Enhances robustness against unforeseen adversarial attacks.

Outperforms prior defense methods in various tasks.

Abstract

While deep neural networks have achieved remarkable success in various computer vision tasks, they often fail to generalize to new domains and subtle variations of input images. Several defenses have been proposed to improve the robustness against these variations. However, current defenses can only withstand the specific attack used in training, and the models often remain vulnerable to other input variations. Moreover, these methods often degrade performance of the model on clean images and do not generalize to out-of-domain samples. In this paper we present Generative Adversarial Training, an approach to simultaneously improve the model's generalization to the test set and out-of-domain samples as well as its robustness to unseen adversarial attacks. Instead of altering a low-level pre-defined aspect of images, we generate a spectrum of low-level, mid-level and high-level changes using generative models with a disentangled latent space. Adversarial training with these examples enable the model to withstand a wide range of attacks by observing a variety of input alterations during training. We show that our approach not only improves performance of the model on clean images and out-of-domain samples but also makes it robust against unforeseen attacks and outperforms prior work. We validate effectiveness of our method by demonstrating results on various tasks such as classification, segmentation and object detection.