GReAT: A Graph Regularized Adversarial Training Method

TL;DR

GReAT introduces a graph regularized adversarial training method that leverages data structure to improve robustness and generalization of deep learning models against adversarial attacks, outperforming existing techniques.

Contribution

The paper proposes GReAT, a novel adversarial training approach that incorporates graph-based regularization to enhance model robustness and data structure utilization.

Findings

GReAT improves robustness by approximately 4.87% on CIFAR10 against FGSM.

GReAT achieves a 10.57% performance increase on SVHN against FGSM.

GReAT outperforms state-of-the-art methods in robustness evaluations.

Abstract

This paper presents GReAT (Graph Regularized Adversarial Training), a novel regularization method designed to enhance the robust classification performance of deep learning models. Adversarial examples, characterized by subtle perturbations that can mislead models, pose a significant challenge in machine learning. Although adversarial training is effective in defending against such attacks, it often overlooks the underlying data structure. In response, GReAT integrates graph based regularization into the adversarial training process, leveraging the data's inherent structure to enhance model robustness. By incorporating graph information during training, GReAT defends against adversarial attacks and improves generalization to unseen data. Extensive evaluations on benchmark datasets demonstrate that GReAT outperforms state of the art methods in robustness, achieving notable improvements in classification accuracy. Specifically, compared to the second best methods, GReAT achieves a performance increase of approximately 4.87% for CIFAR10 against FGSM attack and 10.57% for SVHN against FGSM attack. Additionally, for CIFAR10, GReAT demonstrates a performance increase of approximately 11.05% against PGD attack, and for SVHN, a 5.54% increase against PGD attack. This paper provides detailed insights into the proposed methodology, including numerical results and comparisons with existing approaches, highlighting the significant impact of GReAT in advancing the performance of deep learning models.