The Power of Many: Synergistic Unification of Diverse Augmentations for Efficient Adversarial Robustness

TL;DR

This paper introduces UAA, a novel, efficient data augmentation framework that leverages the synergy of diverse strategies to significantly improve adversarial robustness without high computational costs.

Contribution

The paper proposes the Universal Adversarial Augmenter (UAA), a plug-and-play, efficient framework that pre-computes universal transformations to generate adversarial examples during training.

Findings

UAA achieves state-of-the-art robustness on multiple benchmarks.

UAA reduces training overhead by decoupling perturbation generation.

UAA outperforms existing augmentation methods in adversarial defense.

Abstract

Adversarial perturbations pose a significant threat to deep learning models. Adversarial Training (AT), the predominant defense method, faces challenges of high computational costs and a degradation in standard performance. While data augmentation offers an alternative path, existing techniques either yield limited robustness gains or incur substantial training overhead. Therefore, developing a defense mechanism that is both highly efficient and strongly robust is of paramount importance.In this work, we first conduct a systematic analysis of existing augmentation techniques, revealing that the synergy among diverse strategies -- rather than any single method -- is crucial for enhancing robustness. Based on this insight, we propose the Universal Adversarial Augmenter (UAA) framework, which is characterized by its plug-and-play nature and training efficiency. UAA decouples the expensive perturbation generation process from model training by pre-computing a universal transformation offline, which is then used to efficiently generate unique adversarial perturbations for each sample during training.Extensive experiments conducted on multiple benchmarks validate the effectiveness of UAA. The results demonstrate that UAA establishes a new state-of-the-art (SOTA) for data-augmentation-based adversarial defense strategies , without requiring the online generation of adversarial examples during training. This framework provides a practical and efficient pathway for building robust models,Our code is available in the supplementary materials.