Geometry-aware Instance-reweighted Adversarial Training

Jingfeng Zhang, Jianing Zhu, Gang Niu, Bo Han, Masashi Sugiyama, Mohan Kankanhalli

Research output: Chapter in book/report/conference proceedingConference proceedingpeer-review

Abstract

In adversarial machine learning, there was a common belief that robustness and accuracy hurt each other. The belief was challenged by recent studies where we can maintain the robustness and improve the accuracy. However, the other direction, whether we can keep the accuracy and improve the robustness, is conceptually and practically more interesting, since robust accuracy should be lower than standard accuracy for any model. In this paper, we show this direction is also promising. Firstly, we find even over-parameterized deep networks may still have insufficient model capacity, because adversarial training has an overwhelming smoothing effect. Secondly, given limited model capacity, we argue adversarial data should have unequal importance: geometrically speaking, a natural data point closer to/farther from the class boundary is less/more robust, and the corresponding adversarial data point should be assigned with larger/smaller weight. Finally, to implement the idea, we propose geometry-aware instance-reweighted adversarial training, where the weights are based on how difficult it is to attack a natural data point. Experiments show that our proposal boosts the robustness of standard adversarial training; combining two directions, we improve both robustness and accuracy of standard adversarial training.
Original languageEnglish
Title of host publicationProceedings of Ninth International Conference on Learning Representations, ICLR 2021
PublisherInternational Conference on Learning Representations
Pages1-29
Number of pages29
Publication statusPublished - May 2021
EventThe Ninth International Conference on Learning Representations, ICLR 2021 - Virtual, Vienna, Austria
Duration: 3 May 20217 May 2021
https://iclr.cc/virtual/2021/index.html
https://openreview.net/group?id=ICLR.cc/2021/Conference

Conference

ConferenceThe Ninth International Conference on Learning Representations, ICLR 2021
Country/TerritoryAustria
CityVienna
Period3/05/217/05/21
Internet address

Fingerprint

Dive into the research topics of 'Geometry-aware Instance-reweighted Adversarial Training'. Together they form a unique fingerprint.

Cite this