Advancing Adversarial Training by Injecting Booster Signal

TL;DR

This paper introduces a novel external booster signal that, when injected into images, enhances both adversarial robustness and natural accuracy of deep neural networks, outperforming existing adversarial training methods.

Contribution

It proposes a new external booster signal approach that improves robustness and accuracy, compatible with various adversarial training techniques.

Findings

Booster signal improves both natural and adversarial accuracy.

The method is compatible with existing adversarial training approaches.

Experimental results outperform recent state-of-the-art methods.

Abstract

Recent works have demonstrated that deep neural networks (DNNs) are highly vulnerable to adversarial attacks. To defend against adversarial attacks, many defense strategies have been proposed, among which adversarial training has been demonstrated to be the most effective strategy. However, it has been known that adversarial training sometimes hurts natural accuracy. Then, many works focus on optimizing model parameters to handle the problem. Different from the previous approaches, in this paper, we propose a new approach to improve the adversarial robustness by using an external signal rather than model parameters. In the proposed method, a well-optimized universal external signal called a booster signal is injected into the outside of the image which does not overlap with the original content. Then, it boosts both adversarial robustness and natural accuracy. The booster signal is optimized in parallel to model parameters step by step collaboratively. Experimental results show that the booster signal can improve both the natural and robust accuracies over the recent state-of-the-art adversarial training methods. Also, optimizing the booster signal is general and flexible enough to be adopted on any existing adversarial training methods.