Improving robustness of language models from a geometry-aware perspective

TL;DR

This paper introduces a geometry-aware adversarial training method for language models that enhances robustness efficiently by using fewer search steps, leveraging friendly adversarial data to maintain accuracy.

Contribution

The paper proposes FADA and GAT, novel methods that improve language model robustness with fewer adversarial search steps through geometry-aware data augmentation.

Findings

GAT achieves stronger robustness with fewer steps.

Friendly adversarial data does not degrade test accuracy.

Extensive experiments validate the effectiveness of GAT.

Abstract

Recent studies have found that removing the norm-bounded projection and increasing search steps in adversarial training can significantly improve robustness. However, we observe that a too large number of search steps can hurt accuracy. We aim to obtain strong robustness efficiently using fewer steps. Through a toy experiment, we find that perturbing the clean data to the decision boundary but not crossing it does not degrade the test accuracy. Inspired by this, we propose friendly adversarial data augmentation (FADA) to generate friendly adversarial data. On top of FADA, we propose geometry-aware adversarial training (GAT) to perform adversarial training on friendly adversarial data so that we can save a large number of search steps. Comprehensive experiments across two widely used datasets and three pre-trained language models demonstrate that GAT can obtain stronger robustness via fewer steps. In addition, we provide extensive empirical results and in-depth analyses on robustness to facilitate future studies.