Enhancing Adversarial Training via Reweighting Optimization Trajectory

TL;DR

This paper introduces Weighted Optimization Trajectories (WOT), a novel method that refines adversarial training by leveraging historical optimization paths, significantly improving robustness and generalization across multiple datasets and attacks.

Contribution

WOT is a new approach that enhances adversarial training by utilizing optimization trajectories, effectively reducing robust overfitting and boosting robustness without complex regularization.

Findings

WOT improves robust accuracy by 1.53% to 6.11% under AA-L∞ attack.

WOT increases clean accuracy by 0.55% to 5.47%.

WOT consistently outperforms existing methods across datasets.

Abstract

Despite the fact that adversarial training has become the de facto method for improving the robustness of deep neural networks, it is well-known that vanilla adversarial training suffers from daunting robust overfitting, resulting in unsatisfactory robust generalization. A number of approaches have been proposed to address these drawbacks such as extra regularization, adversarial weights perturbation, and training with more data over the last few years. However, the robust generalization improvement is yet far from satisfactory. In this paper, we approach this challenge with a brand new perspective -- refining historical optimization trajectories. We propose a new method named \textbf{Weighted Optimization Trajectories (WOT)} that leverages the optimization trajectories of adversarial training in time. We have conducted extensive experiments to demonstrate the effectiveness of WOT under various state-of-the-art adversarial attacks. Our results show that WOT integrates seamlessly with the existing adversarial training methods and consistently overcomes the robust overfitting issue, resulting in better adversarial robustness. For example, WOT boosts the robust accuracy of AT-PGD under AA-$L_{\infty}$ attack by 1.53\% $\sim$ 6.11\% and meanwhile increases the clean accuracy by 0.55\%$\sim$5.47\% across SVHN, CIFAR-10, CIFAR-100, and Tiny-ImageNet datasets.