Adversarial Fine-tune with Dynamically Regulated Adversary
release_pvpalyktfrcf7cgif2h4cp5vs4
by
Pengyue Hou, Ming Zhou, Jie Han, Petr Musilek, Xingyu Li
2022
Abstract
Adversarial training is an effective method to boost model robustness to
malicious, adversarial attacks. However, such improvement in model robustness
often leads to a significant sacrifice of standard performance on clean images.
In many real-world applications such as health diagnosis and autonomous
surgical robotics, the standard performance is more valued over model
robustness against such extremely malicious attacks. This leads to the
question: To what extent we can boost model robustness without sacrificing
standard performance? This work tackles this problem and proposes a simple yet
effective transfer learning-based adversarial training strategy that
disentangles the negative effects of adversarial samples on model's standard
performance. In addition, we introduce a training-friendly adversarial attack
algorithm, which facilitates the boost of adversarial robustness without
introducing significant training complexity. Extensive experimentation
indicates that the proposed method outperforms previous adversarial training
algorithms towards the target: to improve model robustness while preserving
model's standard performance on clean data.
In text/plain
format
Archived Files and Locations
application/pdf 1.7 MB
file_fio2czuejvf7jbmfyj6djs7kkm
|
arxiv.org (repository) web.archive.org (webarchive) |
2204.13232v1
access all versions, variants, and formats of this works (eg, pre-prints)