Fast adversarial training method based on discrete cosine transform

A fast adversarial training method based on discrete cosine transform (DCT) was proposed from the perspective of the frequency domain in order to enhance the robustness of deep neural network. An adversarial initialization generation module was introduced, which adaptively generated initialization information based on the system’s robustness, allowing for more accurate capture of image features and effectively avoiding catastrophic overfitting. Random spectral transformations were applied to the samples, transforming them from the spatial domain to the frequency domain, which improved the model’s transferability and generalization ability by controlling spectral saliency. The effectiveness of the proposed method was validated on the CIFAR-10 and CIFAR-100 datasets. The experimental results show that the robust accuracy of the proposed method on CIFAR-10 improved by 2% to 9% compared to existing methods, and improved by 1% to 9% on CIFAR-100 by using ResNet18 as the target network and facing PGD-10 attacks. Similar effects were achieved when facing PGD-20, PGD-50, C&W and other attacks, as well as when applied to more complex model architectures. The proposed method not only avoids catastrophic overfitting but also effectively enhances system robustness. © 2024 Zhejiang University. All rights reserved.