Revisiting Min-Max Optimization Problem in Adversarial Training
Sina Hajer Ahmadi, Hassan Bahrami

TL;DR
This paper proposes a new approach to improve the robustness of deep neural networks against adversarial attacks by reformulating the min-max optimization problem, providing stronger security guarantees.
Contribution
It introduces a novel reformulation of the adversarial training optimization problem to enhance model robustness and security guarantees.
Findings
Significant resistance to adversarial attacks.
Concrete security guarantees demonstrated.
Advances towards fully robust deep learning models.
Abstract
The rise of computer vision applications in the real world puts the security of the deep neural networks at risk. Recent works demonstrate that convolutional neural networks are susceptible to adversarial examples - where the input images look similar to the natural images but are classified incorrectly by the model. To provide a rebuttal to this problem, we propose a new method to build robust deep neural networks against adversarial attacks by reformulating the saddle point optimization problem in \cite{madry2017towards}. Our proposed method offers significant resistance and a concrete security guarantee against multiple adversaries. The goal of this paper is to act as a stepping stone for a new variation of deep learning models which would lead towards fully robust deep learning models.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Image Processing and 3D Reconstruction · Anomaly Detection Techniques and Applications
