Adversarial Ensemble Training by Jointly Learning Label Dependencies and Member Models

TL;DR

This paper introduces a novel adversarial ensemble training method that jointly learns label dependencies and member models, enhancing diversity and robustness against black-box attacks in image recognition tasks.

Contribution

It proposes a new approach that adaptively learns label dependencies to promote diversity among ensemble members, improving adversarial robustness.

Findings

Achieves superior robustness on MNIST, FashionMNIST, and CIFAR-10.

Effectively exploits label dependencies to enhance ensemble diversity.

Outperforms state-of-the-art methods against black-box attacks.

Abstract

Training an ensemble of diverse sub-models has been empirically demonstrated as an effective strategy for improving the adversarial robustness of deep neural networks. However, current ensemble training methods for image recognition typically encode image labels using one-hot vectors, which overlook dependency relationships between the labels. In this paper, we propose a novel adversarial en-semble training approach that jointly learns the label dependencies and member models. Our approach adaptively exploits the learned label dependencies to pro-mote diversity among the member models. We evaluate our approach on widely used datasets including MNIST, FashionMNIST, and CIFAR-10, and show that it achieves superior robustness against black-box attacks compared to state-of-the-art methods. Our code is available at https://github.com/ZJLAB-AMMI/LSD.