Adversarial Training in Low-Label Regimes with Margin-Based Interpolation

TL;DR

This paper presents a semi-supervised adversarial training method that uses margin-based interpolation and adaptive epsilon scheduling to improve neural network robustness and accuracy in low-label settings.

Contribution

It introduces a novel margin-based interpolation technique and a global epsilon scheduling strategy for adversarial training in low-label regimes.

Findings

Enhanced robustness against PGD and AutoAttack

Improved natural accuracy in low-label settings

Effective decision boundary development

Abstract

Adversarial training has emerged as an effective approach to train robust neural network models that are resistant to adversarial attacks, even in low-label regimes where labeled data is scarce. In this paper, we introduce a novel semi-supervised adversarial training approach that enhances both robustness and natural accuracy by generating effective adversarial examples. Our method begins by applying linear interpolation between clean and adversarial examples to create interpolated adversarial examples that cross decision boundaries by a controlled margin. This sample-aware strategy tailors adversarial examples to the characteristics of each data point, enabling the model to learn from the most informative perturbations. Additionally, we propose a global epsilon scheduling strategy that progressively adjusts the upper bound of perturbation strengths during training. The combination of these strategies allows the model to develop increasingly complex decision boundaries with better robustness and natural accuracy. Empirical evaluations show that our approach effectively enhances performance against various adversarial attacks, such as PGD and AutoAttack.