2020
DOI: 10.48550/arxiv.2001.03994
Preprint

Fast is better than free: Revisiting adversarial training

Eric Wong,
Leslie Rice,
J. Zico Kolter

Abstract: Adversarial training, a method for learning robust deep networks, is typically assumed to be more expensive than traditional training due to the necessity of constructing adversarial examples via a first-order method like projected gradient descent (PGD). In this paper, we make the surprising discovery that it is possible to train empirically robust models using a much weaker and cheaper adversary, an approach that was previously believed to be ineffective, rendering the method no more costly than standard training…

Cited by 105 publications (183 citation statements)
References 28 publications

Citation statements:
“…We observed that addition of random augmentation further improves the results of our method. Our method outperforms both Free [67] and Fast [80] AT in accuracy and robustness, significantly.…”
Section: Transferring Robustness Without Adversarial Examples
confidence: 88%
“…For Table 1, we take clean accuracy and auto-attack results from [18] and PGD-100 results are the best PGD attack reported results (with the same or similar setting as ours) taken from the respective papers. For Table 2, we take Shafahi et al [67], Wong et al [80]'s reported results and evaluated our model with the same settings of PGD attack. For Table 3, we train the same models with PGD7-AT [50], RKD [26] and our method.…”
Section: A1 Additional Details Of Experimental Setup
confidence: 99%
“…Deep models are vulnerable to adversarial examples that are maliciously constructed to mislead the models to output wrong predictions but visually indistinguishable from normal samples [182]- [185]. Adversarial training [186]- [188] is one of the most effective approaches to defend deep models against adversarial examples and enhance their robustness. Its main idea is to augment training data with existing adversarial example generation methods during the training process.…”
Section: B Collaborative Adversarial Training
confidence: 99%
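
As background for the adversarial-training idea summarized in the excerpt above (augmenting training data with adversarial examples generated during training), here is a minimal PyTorch-style sketch of the standard multi-step, PGD-based training loop. The model, optimizer, and the ε/α/step settings are illustrative assumptions, not values taken from the paper or the citing works.

```python
import torch
import torch.nn.functional as F

def pgd_attack(model, x, y, eps=8 / 255, alpha=2 / 255, steps=7):
    """Craft L-infinity-bounded adversarial examples with multi-step PGD
    (illustrative hyperparameters, not the cited papers' settings)."""
    delta = torch.zeros_like(x, requires_grad=True)
    for _ in range(steps):
        loss = F.cross_entropy(model(x + delta), y)
        loss.backward()
        # Gradient-ascent step on the loss, then project back into the
        # eps-ball around x and the valid [0, 1] pixel range.
        delta.data = (delta.data + alpha * delta.grad.sign()).clamp(-eps, eps)
        delta.data = (x + delta.data).clamp(0, 1) - x
        delta.grad.zero_()
    return (x + delta).detach()

def adversarial_training_step(model, opt, x, y):
    """One training update on adversarial (rather than clean) examples."""
    x_adv = pgd_attack(model, x, y)
    opt.zero_grad()
    F.cross_entropy(model(x_adv), y).backward()
    opt.step()
```

The inner attack loop is what makes this form of adversarial training expensive: each minibatch costs `steps` extra forward/backward passes before the actual parameter update.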
“…For example, Shafahi et al [186] proposed an efficient adversarial training algorithm that recycles the gradient information computed at each iteration to eliminate the overhead cost of generating adversarial examples. Wong et al [188] propose to utilize the Fast Gradient Sign Method (FGSM) [182] during the adversarial training process. They introduce random initialization points to improve the effectiveness of the projected gradient descent based training.…”
Section: B Collaborative Adversarial Training
confidence: 99%
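
To make the Wong et al. recipe in the last excerpt concrete, here is a minimal PyTorch-style sketch of the single-step FGSM adversary with a random starting point inside the ε-ball. The defaults follow commonly reported CIFAR-10 settings (ε = 8/255, α = 10/255), but the function name and all values here are illustrative assumptions, not the authors' reference implementation.

```python
import torch
import torch.nn.functional as F

def fgsm_with_random_init(model, x, y, eps=8 / 255, alpha=10 / 255):
    """Single-step FGSM adversary started from a random point inside the
    eps-ball -- the cheap adversary described in the excerpt above."""
    # Random initialization is the ingredient the paper credits with making
    # single-step adversarial training competitive with PGD-based training.
    delta = torch.empty_like(x).uniform_(-eps, eps)
    delta.requires_grad_(True)
    loss = F.cross_entropy(model(x + delta), y)
    loss.backward()
    # One signed-gradient step, then project back into the eps-ball
    # and the valid [0, 1] pixel range.
    delta = (delta + alpha * delta.grad.sign()).clamp(-eps, eps)
    return (x + delta).clamp(0, 1).detach()
```

In a training loop, each minibatch would simply be replaced by `fgsm_with_random_init(model, x, y)` before the usual cross-entropy update, so the per-batch overhead is roughly one extra forward/backward pass instead of the seven or more used by multi-step PGD.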