D2R: dual regularization loss with collaborative adversarial generation for model robustness

TL;DR

This paper introduces D2R, a dual regularization loss combined with collaborative adversarial generation, to improve the robustness of deep neural networks against adversarial attacks, outperforming existing methods.

Contribution

The paper proposes a novel dual regularization loss and collaborative adversarial generation strategy for enhanced adversarial training of neural networks.

Findings

D2R with CAG significantly improves model robustness on benchmark datasets.

The method outperforms existing adversarial training approaches.

Extensive experiments validate the effectiveness of the proposed approach.

Abstract

The robustness of Deep Neural Network models is crucial for defending models against adversarial attacks. Recent defense methods have employed collaborative learning frameworks to enhance model robustness. Two key limitations of existing methods are (i) insufficient guidance of the target model via loss functions and (ii) non-collaborative adversarial generation. We, therefore, propose a dual regularization loss (D2R Loss) method and a collaborative adversarial generation (CAG) strategy for adversarial training. D2R loss includes two optimization steps. The adversarial distribution and clean distribution optimizations enhance the target model's robustness by leveraging the strengths of different loss functions obtained via a suitable function space exploration to focus more precisely on the target model's distribution. CAG generates adversarial samples using a gradient-based collaboration between guidance and target models. We conducted extensive experiments on three benchmark databases, including CIFAR-10, CIFAR-100, Tiny ImageNet, and two popular target models, WideResNet34-10 and PreActResNet18. Our results show that D2R loss with CAG produces highly robust models.