Sustainable Self-evolution Adversarial Training

TL;DR

This paper introduces SSEAT, a novel adversarial training framework that continuously learns from diverse attacks over time, effectively retaining knowledge and improving long-term model robustness against evolving adversarial threats.

Contribution

The paper proposes a sustainable self-evolution adversarial training framework with continual learning, data replay, and consistency regularization to enhance long-term adversarial defense.

Findings

SSEAT outperforms existing methods in defense accuracy.

The adversarial data replay module improves model retention of previous knowledge.

Consistency regularization maintains high accuracy on clean samples.

Abstract

With the wide application of deep neural network models in various computer vision tasks, there has been a proliferation of adversarial example generation strategies aimed at deeply exploring model security. However, existing adversarial training defense models, which rely on single or limited types of attacks under a one-time learning process, struggle to adapt to the dynamic and evolving nature of attack methods. Therefore, to achieve defense performance improvements for models in long-term applications, we propose a novel Sustainable Self-Evolution Adversarial Training (SSEAT) framework. Specifically, we introduce a continual adversarial defense pipeline to realize learning from various kinds of adversarial examples across multiple stages. Additionally, to address the issue of model catastrophic forgetting caused by continual learning from ongoing novel attacks, we propose an adversarial data replay module to better select more diverse and key relearning data. Furthermore, we design a consistency regularization strategy to encourage current defense models to learn more from previously trained ones, guiding them to retain more past knowledge and maintain accuracy on clean samples. Extensive experiments have been conducted to verify the efficacy of the proposed SSEAT defense method, which demonstrates superior defense performance and classification accuracy compared to competitors.Code is available at https://github.com/aup520/SSEAT