Inducing Data Amplification Using Auxiliary Datasets in Adversarial Training

TL;DR

This paper introduces BiaMAT, a method that leverages auxiliary datasets to enhance adversarial robustness in primary datasets through multi-domain learning, even when class distributions differ.

Contribution

BiaMAT enables data amplification for adversarial training using diverse auxiliary datasets without requiring class distribution matching, addressing domain discrepancy issues.

Findings

BiaMAT improves adversarial robustness on primary datasets.

Theoretical and empirical evidence supports data amplification effectiveness.

The method handles domain discrepancy via confidence-based selection.

Abstract

Several recent studies have shown that the use of extra in-distribution data can lead to a high level of adversarial robustness. However, there is no guarantee that it will always be possible to obtain sufficient extra data for a selected dataset. In this paper, we propose a biased multi-domain adversarial training (BiaMAT) method that induces training data amplification on a primary dataset using publicly available auxiliary datasets, without requiring the class distribution match between the primary and auxiliary datasets. The proposed method can achieve increased adversarial robustness on a primary dataset by leveraging auxiliary datasets via multi-domain learning. Specifically, data amplification on both robust and non-robust features can be accomplished through the application of BiaMAT as demonstrated through a theoretical and empirical analysis. Moreover, we demonstrate that while existing methods are vulnerable to negative transfer due to the distributional discrepancy between auxiliary and primary data, the proposed method enables neural networks to flexibly leverage diverse image datasets for adversarial training by successfully handling the domain discrepancy through the application of a confidence-based selection strategy. The pre-trained models and code are available at: \url{https://github.com/Saehyung-Lee/BiaMAT}.