Generalist: Decoupling Natural and Robust Generalization

TL;DR

This paper introduces Generalist, a bi-expert training framework that decouples natural and robust generalization, leading to improved accuracy and robustness in neural networks.

Contribution

It proposes a novel bi-expert training strategy that separates natural and robust generalization, enhancing both simultaneously.

Findings

Achieves high natural accuracy and robustness.

Theoretical proof of risk reduction.

Effective in adversarial settings.

Abstract

Deep neural networks obtained by standard training have been constantly plagued by adversarial examples. Although adversarial training demonstrates its capability to defend against adversarial examples, unfortunately, it leads to an inevitable drop in the natural generalization. To address the issue, we decouple the natural generalization and the robust generalization from joint training and formulate different training strategies for each one. Specifically, instead of minimizing a global loss on the expectation over these two generalization errors, we propose a bi-expert framework called \emph{Generalist} where we simultaneously train base learners with task-aware strategies so that they can specialize in their own fields. The parameters of base learners are collected and combined to form a global learner at intervals during the training process. The global learner is then distributed to the base learners as initialized parameters for continued training. Theoretically, we prove that the risks of Generalist will get lower once the base learners are well trained. Extensive experiments verify the applicability of Generalist to achieve high accuracy on natural examples while maintaining considerable robustness to adversarial ones. Code is available at https://github.com/PKU-ML/Generalist.