Subspace Adversarial Training

被引：21

作者：

Li, Tao ^{[1
]}

Wu, Yingwen ^{[1
]}

Chen, Sizhe ^{[1
]}

Fang, Kun ^{[1
]}

Huang, Xiaolin ^{[1
]}

机构：

[1] Shanghai Jiao Tong Univ, Dept Automat, Shanghai, Peoples R China

来源：

2022 IEEE/CVF CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION (CVPR) | 2022年

基金：

中国国家自然科学基金;

关键词：

D O I：

10.1109/CVPR52688.2022.01305

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Single-step adversarial training (AT) has received wide attention as it proved to be both efficient and robust. However, a serious problem of catastrophic overfitting exists, i.e., the robust accuracy against projected gradient descent (PGD) attack suddenly drops to 0% during the training. In this paper, we approach this problem from a novel perspective of optimization and firstly reveal the close link between the fast-growing gradient of each sample and overfitting, which can also be applied to understand robust overfitting in multi-step AT. To control the growth of the gradient, we propose a new AT method, Subspace Adversarial Training (Sub-AT), which constrains AT in a carefully extracted subspace. It successfully resolves both kinds of overfitting and significantly boosts the robustness. In subspace, we also allow single-step AT with larger steps and larger radius, further improving the robustness performance. As a result, we achieve state-of-the-art single-step AT performance. Without any regularization term, our single-step AT can reach over 51% robust accuracy against strong PGD-50 attack of radius 8/255 on CIFAR-10, reaching a competitive performance against standard multi-step PGD-10 AT with huge computational advantages. The code is released at https://github.com/nblt/Sub-AT.

引用

页码：13399 / 13408

页数：10

共 50 条

[1] DETECTION OF ADVERSARIAL ATTACKS AND CHARACTERIZATION OF ADVERSARIAL SUBSPACE
Esmaeilpour, Mohammad
Cardinal, Patrick
Koerich, Alessandro Lameiras
[J]. 2020 IEEE INTERNATIONAL CONFERENCE ON ACOUSTICS, SPEECH, AND SIGNAL PROCESSING, 2020, : 3097 - 3101
[2] ON THE ADVERSARIAL ROBUSTNESS OF SUBSPACE LEARNING
Li, Fuwei
Lai, Lifeng
Cui, Shuguang
[J]. 2019 IEEE INTERNATIONAL CONFERENCE ON ACOUSTICS, SPEECH AND SIGNAL PROCESSING (ICASSP), 2019, : 2477 - 2481
[3] Deep Adversarial Subspace Clustering
Zhou, Pan
Hou, Yunqing
Feng, Jiashi
[J]. 2018 IEEE/CVF CONFERENCE ON COMPUTER VISION AND PATTERN RECOGNITION (CVPR), 2018, : 1596 - 1604
[4] On the Adversarial Robustness of Subspace Learning
Li, Fuwei
Lai, Lifeng
Cui, Shuguang
[J]. IEEE TRANSACTIONS ON SIGNAL PROCESSING, 2020, 68 (68) : 1470 - 1483
[5] Adversarial Domain Adaptive Subspace Clustering
Abavisani, Mahdi
Patel, Vishal M.
[J]. 2018 IEEE 4TH INTERNATIONAL CONFERENCE ON IDENTITY, SECURITY, AND BEHAVIOR ANALYSIS (ISBA), 2018,
[6] Modeling Adversarial Noise for Adversarial Training
Zhou, Dawei
Wang, Nannan
Han, Bo
Liu, Tongliang
[J]. INTERNATIONAL CONFERENCE ON MACHINE LEARNING, VOL 162, 2022,
[7] SCAD: Subspace Clustering based Adversarial Detector
Hu, Xinrong
Chen, Wushuan
Yang, Jie
Guo, Yi
Yao, Xun
Wang, Bangchao
Liu, Junping
Xu, Ce
[J]. PROCEEDINGS OF THE 17TH ACM INTERNATIONAL CONFERENCE ON WEB SEARCH AND DATA MINING, WSDM 2024, 2024, : 286 - 294
[8] Orthogonal Subspace Representation for Generative Adversarial Networks
Jiang, Hongxiang
Luo, Xiaoyan
Yin, Jihao
Fu, Huazhu
Wang, Fuxiang
[J]. IEEE TRANSACTIONS ON NEURAL NETWORKS AND LEARNING SYSTEMS, 2024, : 1 - 15
[9] Adversarial Incomplete Multiview Subspace Clustering Networks
Xu, Cai
Liu, Hongmin
Guan, Ziyu
Wu, Xunlian
Tan, Jiale
Ling, Beilei
[J]. IEEE TRANSACTIONS ON CYBERNETICS, 2022, 52 (10) : 10490 - 10503
[10] Adversarial examples generated from sample subspace
Liu, Xiaozhang
Li, Lang
Wang, Xueyang
Hu, Li
[J]. COMPUTER STANDARDS & INTERFACES, 2022, 82

← 1 2 3 4 5 →