Scaling Adversarial Training to Large Perturbation Bounds
Sravanti Addepalli, Samyak Jain, Gaurang Sriramanan, R.Venkatesh Babu

TL;DR
This paper introduces Oracle-Aligned Adversarial Training (OA-AT), a novel method that enhances neural network robustness against perceptible adversarial perturbations by aligning model predictions with an Oracle, achieving state-of-the-art results at large perturbation bounds.
Contribution
The paper proposes OA-AT, a new adversarial training approach that aligns model predictions with an Oracle to improve robustness against large, perceptible perturbations, surpassing existing methods.
Findings
Achieves state-of-the-art robustness at large epsilon bounds (16/255) on CIFAR-10.
Outperforms existing defenses such as AWP, TRADES and PGD-AT at the standard bound (8/255) as well.
Addresses the setting in which some large-perturbation images flip the Oracle (human) prediction while others do not, which is what makes defending beyond perceptual limits harder than the small-epsilon case.
Abstract
The vulnerability of Deep Neural Networks to Adversarial Attacks has fuelled research towards building robust models. While most Adversarial Training algorithms aim at defending attacks constrained within low magnitude Lp norm bounds, real-world adversaries are not limited by such constraints. In this work, we aim to achieve adversarial robustness within larger bounds, against perturbations that may be perceptible, but do not change human (or Oracle) prediction. The presence of images that flip Oracle predictions and those that do not makes this a challenging setting for adversarial robustness. We discuss the ideal goals of an adversarial defense algorithm beyond perceptual limits, and further highlight the shortcomings of naively extending existing training algorithms to higher perturbation bounds. In order to overcome these shortcomings, we propose a novel defense, Oracle-Aligned…
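The abstract contrasts the usual threat model, an L-infinity ball of radius 8/255 around each image, with the larger 16/255 bound the paper targets. The example below is added here to make that threat model concrete; it is not code from the paper and does not implement OA-AT. It runs projected gradient descent (PGD) against a toy logistic-regression "pixel" classifier whose weights W, bias B and input X0 are constructed for illustration, so the loss gradient is available in closed form and no autodiff library is needed. The same attack loop (sign-gradient step, projection onto the epsilon ball, clipping to the valid pixel range) is what PGD adversarial training at either bound is built on.

```python
import math


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def logit(w, b, x):
    # Linear score of a binary classifier on a flattened pixel vector in [0, 1]^d.
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def predict(w, b, x):
    return 1 if logit(w, b, x) > 0 else 0


def sign(v):
    return (v > 0) - (v < 0)


def pgd_linf(w, b, x0, y, eps, alpha, steps):
    """L-infinity PGD: maximise the cross-entropy loss of (x, y) while keeping
    ||x - x0||_inf <= eps and every coordinate inside the pixel range [0, 1]."""
    x = list(x0)
    for _ in range(steps):
        p = sigmoid(logit(w, b, x))
        # d(BCE)/dx for logistic regression is (p - y) * w; this replaces the
        # autodiff call you would make against a real network.
        grad = [(p - y) * wi for wi in w]
        # Ascend the loss along the gradient sign (the standard L-inf step).
        x = [xi + alpha * sign(gi) for xi, gi in zip(x, grad)]
        # Project back onto the eps ball around the clean input ...
        x = [min(max(xi, x0i - eps), x0i + eps) for xi, x0i in zip(x, x0)]
        # ... and onto the valid image domain.
        x = [min(max(xi, 0.0), 1.0) for xi in x]
    return x


def linf_norm(x, x0):
    return max(abs(a - c) for a, c in zip(x, x0))


def attack_flips(w, b, x0, y, eps, steps=10):
    """Return (prediction_flipped, achieved_linf_distance) for a PGD attack
    with the common step-size choice alpha = eps / 4."""
    x_adv = pgd_linf(w, b, x0, y, eps, alpha=eps / 4, steps=steps)
    return predict(w, b, x_adv) != y, linf_norm(x_adv, x0)


# Constructed toy model and input (assumptions for the example, not data
# from the paper). Pixel values are in [0, 1], so eps = 8/255 is eight
# intensity levels per pixel and 16/255 is sixteen.
W = [1.0, -1.0, 2.0, -2.0]
B = 0.0
X0 = [0.5, 0.5, 0.625, 0.5]   # clean logit = 0.25, true label 1
Y = 1

if __name__ == "__main__":
    for eps in (8 / 255, 16 / 255):
        flipped, dist = attack_flips(W, B, X0, Y, eps)
        print(f"eps={eps:.4f}  flipped={flipped}  linf={dist:.4f}")
```

For a linear model the worst case is analytic (the logit drops by eps times the L1 norm of W, here 6 eps), so the margin of 0.25 survives eps = 8/255 but not eps = 16/255; PGD reaches that worst case after four steps and the projection keeps the perturbation inside the bound. On real images a 16/255 perturbation can be visible, and for some inputs it changes what a human would label, which is exactly the case the abstract says a defense at this bound must account for rather than resist.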
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications
Methods: FLIP · ALIGN
