CAT:Collaborative Adversarial Training

TL;DR

The paper introduces a collaborative adversarial training framework that combines different adversarial training methods to enhance neural network robustness and accuracy, validated by extensive experiments and achieving state-of-the-art results.

Contribution

It proposes a novel collaborative adversarial training approach that leverages multiple strategies and model interactions to improve robustness beyond existing methods.

Findings

CAT achieves state-of-the-art robustness on CIFAR-10.

Combining different adversarial strategies enhances model robustness.

The method improves both robustness and accuracy without extra data.

Abstract

Adversarial training can improve the robustness of neural networks. Previous methods focus on a single adversarial training strategy and do not consider the model property trained by different strategies. By revisiting the previous methods, we find different adversarial training methods have distinct robustness for sample instances. For example, a sample instance can be correctly classified by a model trained using standard adversarial training (AT) but not by a model trained using TRADES, and vice versa. Based on this observation, we propose a collaborative adversarial training framework to improve the robustness of neural networks. Specifically, we use different adversarial training methods to train robust models and let models interact with their knowledge during the training process. Collaborative Adversarial Training (CAT) can improve both robustness and accuracy. Extensive experiments on various networks and datasets validate the effectiveness of our method. CAT achieves state-of-the-art adversarial robustness without using any additional data on CIFAR-10 under the Auto-Attack benchmark. Code is available at https://github.com/liuxingbin/CAT.