Guang Lin, Chao Li, Jianhai Zhang, Toshihisa Tanaka, Qibin Zhao
Published 2024-01-29, updated 2024-03-10Version 2
The deep neural networks are known to be vulnerable to well-designed adversarial attacks. The most successful defense technique based on adversarial training (AT) can achieve optimal robustness against particular attacks but cannot generalize well to unseen attacks. Another effective defense technique based on adversarial purification (AP) can enhance generalization but cannot achieve optimal robustness. Meanwhile, both methods share one common limitation on the degraded standard accuracy. To mitigate these issues, we propose a novel pipeline called Adversarial Training on Purification (AToP), which comprises two components: perturbation destruction by random transforms (RT) and purifier model fine-tuned (FT) by adversarial loss. RT is essential to avoid overlearning to known attacks resulting in the robustness generalization to unseen attacks and FT is essential for the improvement of robustness. To evaluate our method in an efficient and scalable way, we conduct extensive experiments on CIFAR-10, CIFAR-100, and ImageNette to demonstrate that our method achieves state-of-the-art results and exhibits generalization ability against unseen attacks.
Analysis and Applications of Class-wise Robustness in Adversarial Training
Do we need entire training data for adversarial training?
MoLA: Motion Generation and Editing with Latent Diffusion Enhanced by Adversarial Training
![QR code for arXiv:2401.16352 [cs.CV]](http://oss.arxitics.com/images/favicon.svg)