Adversarial training with informed data selection

TL;DR

This paper introduces a data selection strategy for adversarial training that improves robustness and accuracy while reducing computational complexity in deep neural networks.

Contribution

It proposes a novel data selection method based on cross-entropy loss to enhance adversarial training efficiency and effectiveness.

Findings

Improved robustness against adversarial attacks.

Maintained high standard accuracy.

Reduced computational complexity during training.

Abstract

With the increasing amount of available data and advances in computing capabilities, deep neural networks (DNNs) have been successfully employed to solve challenging tasks in various areas, including healthcare, climate, and finance. Nevertheless, state-of-the-art DNNs are susceptible to quasi-imperceptible perturbed versions of the original images -- adversarial examples. These perturbations of the network input can lead to disastrous implications in critical areas where wrong decisions can directly affect human lives. Adversarial training is the most efficient solution to defend the network against these malicious attacks. However, adversarial trained networks generally come with lower clean accuracy and higher computational complexity. This work proposes a data selection (DS) strategy to be applied in the mini-batch training. Based on the cross-entropy loss, the most relevant samples in the batch are selected to update the model parameters in the backpropagation. The simulation results show that a good compromise can be obtained regarding robustness and standard accuracy, whereas the computational complexity of the backpropagation pass is reduced.