Curriculum Adversarial Training

Cai, Qi-Zhi; Du, Min; Liu, Chang; Song, Dawn

doi:10.48550/arxiv.1805.04807

Cited by 22 publications

(21 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Defenses against Traditional Adversarial Examples. Most existing defenses focus on imperceptible adversarial perturbations [12], [37], [38], [10], [39], [40], [41], [42]. Papernot et al [12] proposed defensive distillation extracting the key information from a pretrained DNN to improve the resilience of a model to adversarial examples.…”

Section: Related Workmentioning

confidence: 99%

“…Similarly, PixelDefend [38] projects the adversarial input back to the training distribution. Moreover, adversarial training [10], [40], [37] improves the robustness of the DNN models by training against known attacks. Certified robustness approaches [41], [42] give a lower-bound on the adversarial accuracy.…”

Section: Related Workmentioning

confidence: 99%

“…Chiang et al [15] transferred certified robustness [41], [42], which gives a certificate when an output lies in the interval bound formed during the training process. Wu et al [16] combined a new abstract attack model that represents physically realizable attacks with adversarial training [40], [37] to increase the robustness of a model. However, both robustness approaches require extra training with high training overhead and cannot work well at ImageNet scale [15], [10].…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Detecting Localized Adversarial Examples: A Generic Approach using Critical Region Analysis

Liu

Zhang

et al. 2021

Preprint

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Detecting Localized Adversarial Examples: A Generic Approach using Critical Region Analysis

Liu

Zhang

et al. 2021

Preprint

View full text Add to dashboard Cite

“…Focusing on the worst-case loss over a convex outer region, Wong and Kolter [27] introduces a provable robust model. There are more improvements of PGD adversarial training techniques, including Lipschitz regularization [7] and curriculum adversarial training [3]. In a recent study by Tsipras et al [25], there exists a trade-off between standard accuracy and adversarial robustness.…”

Section: Introductionmentioning

confidence: 99%

Neural Architecture Dilation for Adversarial Robustness

Li¹,

Yang²,

Wang³

et al. 2021

Preprint

View full text Add to dashboard Cite

With the tremendous advances in the architecture and scale of convolutional neural networks (CNNs) over the past few decades, they can easily reach or even exceed the performance of humans in certain tasks. However, a recently discovered shortcoming of CNNs is that they are vulnerable to adversarial attacks. Although the adversarial robustness of CNNs can be improved by adversarial training, there is a trade-off between standard accuracy and adversarial robustness. From the neural architecture perspective, this paper aims to improve the adversarial robustness of the backbone CNNs that have a satisfactory accuracy. Under a minimal computational overhead, the introduction of a dilation architecture is expected to be friendly with the standard performance of the backbone CNN while pursuing adversarial robustness. Theoretical analyses on the standard and adversarial error bounds naturally motivate the proposed neural architecture dilation algorithm. Experimental results on real-world datasets and benchmark neural networks demonstrate the effectiveness of the proposed algorithm to balance the accuracy and adversarial robustness.Preprint. Under review.

show abstract

“…Out of the various approaches proposed to improve the robustness of deep neural network models, Adversarial Training is found to be most effective [5,20,10,23,2,6,4]. In a typical adversarial training procedure of the model, first adversarial versions of the training dataset are generated and are then used to train the model to increase its robustness on such samples [5].…”

Section: Introductionmentioning

confidence: 99%

Improving the affordability of robustness training for DNNs

Gupta¹,

Dube²,

Verma³

2020

Preprint

View full text Add to dashboard Cite

Projected Gradient Descent (PGD) based adversarial training has become one of the most prominent methods for building robust deep neural network models. However, the computational complexity associated with this approach, due to the maximization of the loss function when finding adversaries, is a longstanding problem and may be prohibitive when using larger and more complex models. In this paper, we propose a modification of the PGD method for adversarial training and demonstrate that models can be trained much more efficiently without any loss in accuracy on natural and adversarial samples. We argue that the initial phase of adversarial training is redundant and can be replaced with natural training thereby increasing the computational efficiency significantly. We support our argument with insights on the nature of the adversaries and their relative strength during the training process. We show that our proposed method can reduce the training time to up to 38% of the original training time with comparable model accuracy and generalization on various strengths of adversarial attacks.

show abstract

Curriculum Adversarial Training

Cited by 22 publications

References 6 publications

Detecting Localized Adversarial Examples: A Generic Approach using Critical Region Analysis

Detecting Localized Adversarial Examples: A Generic Approach using Critical Region Analysis

Neural Architecture Dilation for Adversarial Robustness

Improving the affordability of robustness training for DNNs

Contact Info

Product

Resources

About