Adversarial Amendment is the Only Force Capable of Transforming an Enemy into a Friend
Chong Yu, Tao Chen, Zhongxue Gan

TL;DR
This paper proposes adversarial amendment (AdvAmd), a novel method that uses adversarial attacks to enhance neural network accuracy on benign samples, challenging the view of adversarial attacks solely as threats.
Contribution
The paper introduces AdvAmd, a new approach that leverages adversarial attacks to improve neural model accuracy, unlike traditional defense methods.
Findings
AdvAmd heals accuracy degradation on benign samples
AdvAmd boosts accuracy in classification, detection, segmentation
Key components include mediate samples, auxiliary batch norm, and specialized loss
Abstract
Adversarial attack is commonly regarded as a huge threat to neural networks because of misleading behavior. This paper presents an opposite perspective: adversarial attacks can be harnessed to improve neural models if amended correctly. Unlike traditional adversarial defense or adversarial training schemes that aim to improve the adversarial robustness, the proposed adversarial amendment (AdvAmd) method aims to improve the original accuracy level of neural models on benign samples. We thoroughly analyze the distribution mismatch between the benign and adversarial samples. This distribution mismatch and the mutual learning mechanism with the same learning ratio applied in prior art defense strategies are the main cause leading to the accuracy degradation for benign samples. The proposed AdvAmd is demonstrated to steadily heal the accuracy degradation and even leads to a certain accuracy…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Integrated Circuits and Semiconductor Failure Analysis
