Adaptive Adversarial Norm Space for Efficient Adversarial Training
Kuurila-Zhang, Hui; Chen, Haoyu; Zhao, Guoying
BMVA Press
Kuurila-Zhang, H., Chen, H. & Zhao, G. (2023). Adaptive Adversarial Norm Space for Efficient Adversarial Training. 34th British Machine Vision Conference 2023, BMVC 2023, Aberdeen, UK, November 20-24, 2023. https://proceedings.bmvc2023.org/781/
https://rightsstatements.org/vocab/InC/1.0/
© 2023. The copyright of this document resides with its authors. It may be distributed unchanged freely in print or electronic forms.
https://rightsstatements.org/vocab/InC/1.0/
© 2023. The copyright of this document resides with its authors. It may be distributed unchanged freely in print or electronic forms.
https://rightsstatements.org/vocab/InC/1.0/
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:oulu-202405063143
https://urn.fi/URN:NBN:fi:oulu-202405063143
Tiivistelmä
Abstract
Adversarial training draws increasing attention as it can improve the robustness of deep neural networks against adversarial examples. Recent research proposed to adaptively adjust the adversarial strategy for a better learning process. However, those approaches rely on cumbersome computations for getting the optimal adversarial strategy. This paper offers a novel perspective on adversarial strategies by examining the adversarial examples' norm space. We show that cyclically altering the adversarial norm space can significantly enhance the network's robustness. Based on the observations, we propose a simple yet effective Entropy-Guided Cyclical Adversarial Strategy (ECAS) to explicitly adjust the norm space of the adversarial examples, forming an elastic-perturbation mechanism in the adversarial training framework that adaptively perturbs models based on entropy. Extensive experiments demonstrate that our proposed method can achieve promising performances and substantially reduce computational time compared to state-of-the-art methods. Moreover, we also show that ECAS can be directly plugged into existing adversarial training methods to further boost performances. The implementation of ECAS is at https://github.com/huizhg/ECAS.
Adversarial training draws increasing attention as it can improve the robustness of deep neural networks against adversarial examples. Recent research proposed to adaptively adjust the adversarial strategy for a better learning process. However, those approaches rely on cumbersome computations for getting the optimal adversarial strategy. This paper offers a novel perspective on adversarial strategies by examining the adversarial examples' norm space. We show that cyclically altering the adversarial norm space can significantly enhance the network's robustness. Based on the observations, we propose a simple yet effective Entropy-Guided Cyclical Adversarial Strategy (ECAS) to explicitly adjust the norm space of the adversarial examples, forming an elastic-perturbation mechanism in the adversarial training framework that adaptively perturbs models based on entropy. Extensive experiments demonstrate that our proposed method can achieve promising performances and substantially reduce computational time compared to state-of-the-art methods. Moreover, we also show that ECAS can be directly plugged into existing adversarial training methods to further boost performances. The implementation of ECAS is at https://github.com/huizhg/ECAS.
Kokoelmat
- Avoin saatavuus [37254]