Calibrated Adversarial Sampling: Multi-Armed Bandit-Guided Generalization Against Unforeseen Attacks
Rui Wang, Zeming Wei, Xiyue Zhang, Meng Sun

TL;DR
This paper introduces Calibrated Adversarial Sampling, a multi-armed bandit-guided method that enhances DNN robustness against unforeseen attacks while preserving accuracy, addressing limitations of existing adversarial training approaches.
Contribution
It proposes a novel fine-tuning method leveraging multi-armed bandit optimization to improve DNN robustness across multiple attack types.
Findings
CAS achieves superior robustness on benchmark datasets.
CAS maintains high clean accuracy.
It offers a new paradigm for robust generalization.
Abstract
Deep Neural Networks (DNNs) are known to be vulnerable to various adversarial perturbations. To address the safety concerns arising from these vulnerabilities, adversarial training (AT) has emerged as one of the most effective paradigms for enhancing the robustness of DNNs. However, existing AT frameworks primarily focus on a single or a limited set of attack types, leaving DNNs still exposed to attack types that may be encountered in practice but not addressed during training. In this paper, we propose an efficient fine-tuning method called Calibrated Adversarial Sampling (CAS) to address these issues. From the optimization perspective within the multi-armed bandit framework, it dynamically designs rewards and balances exploration and exploitation by considering the dynamic and interdependent characteristics of multiple robustness dimensions. Experiments on benchmark datasets show that…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Neural Network Applications · Domain Adaptation and Few-Shot Learning
