Learning Diverse-Structured Networks for Adversarial Robustness

Xuefeng Du; Jingfeng Zhang; Bo Han; Tongliang Liu; Yu Rong; Gang Niu; Junzhou Huang; Masashi Sugiyama

Learning Diverse-Structured Networks for Adversarial Robustness

Xuefeng Du, Jingfeng Zhang, Bo Han^*, Tongliang Liu, Yu Rong, Gang Niu^*, Junzhou Huang, Masashi Sugiyama

^*Corresponding author for this work

Department of Computer Science

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

2 Citations (Scopus)

Abstract

In adversarial training (AT), the main focus has been the objective and optimizer while the model has been less studied, so that the models being used are still those classic ones in standard training (ST). Classic network architectures (NAs) are generally worse than searched NA in ST, which should be the same in AT. In this paper, we argue that NA and AT cannot be handled independently, since given a dataset, the optimal NA in ST would be no longer optimal in AT. That being said, AT is time-consuming itself; if we directly search NAs in AT over large search spaces, the computation will be practically infeasible. Thus, we propose diverse-structured network (DS-Net), to significantly reduce the size of the search space: instead of low-level operations, we only consider predefined atomic blocks, where an atomic block is a time-tested building block like the residual block. There are only a few atomic blocks and thus we can weight all atomic blocks rather than find the best one in a searched block of DS-Net, which is an essential tradeoff between exploring diverse structures and exploiting the best structures. Empirical results demonstrate the advantages of DS-Net, i.e., weighting the atomic blocks.

Original language	English
Title of host publication	Proceedings of the 38th International Conference on Machine Learning (ICML 2021)
Editors	Marina Meila, Tong Zhang
Publisher	ML Research Press
Pages	2880-2891
Number of pages	12
Publication status	Published - 18 Jul 2021
Event	38th International Conference on Machine Learning, ICML 2021 - Virtual Duration: 18 Jul 2021 → 24 Jul 2021 https://icml.cc/virtual/2021/index.html https://icml.cc/Conferences/2021 https://proceedings.mlr.press/v139/

Publication series

Name	Proceedings of Machine Learning Research
Volume	139
ISSN (Print)	2640-3498

Conference

Conference	38th International Conference on Machine Learning, ICML 2021
Period	18/07/21 → 24/07/21
Internet address	https://icml.cc/virtual/2021/index.html https://icml.cc/Conferences/2021 https://proceedings.mlr.press/v139/

Access to Document

http://proceedings.mlr.press/v139/du21f/du21f.pdf

Cite this

Du, X., Zhang, J., Han, B., Liu, T., Rong, Y., Niu, G., Huang, J., & Sugiyama, M. (2021). Learning Diverse-Structured Networks for Adversarial Robustness. In M. Meila, & T. Zhang (Eds.), Proceedings of the 38th International Conference on Machine Learning (ICML 2021) (pp. 2880-2891). (Proceedings of Machine Learning Research; Vol. 139). ML Research Press. http://proceedings.mlr.press/v139/du21f/du21f.pdf

@inproceedings{7fd0536bab3742cb99db9575cda405d3,

title = "Learning Diverse-Structured Networks for Adversarial Robustness",

abstract = "In adversarial training (AT), the main focus has been the objective and optimizer while the model has been less studied, so that the models being used are still those classic ones in standard training (ST). Classic network architectures (NAs) are generally worse than searched NA in ST, which should be the same in AT. In this paper, we argue that NA and AT cannot be handled independently, since given a dataset, the optimal NA in ST would be no longer optimal in AT. That being said, AT is time-consuming itself; if we directly search NAs in AT over large search spaces, the computation will be practically infeasible. Thus, we propose diverse-structured network (DS-Net), to significantly reduce the size of the search space: instead of low-level operations, we only consider predefined atomic blocks, where an atomic block is a time-tested building block like the residual block. There are only a few atomic blocks and thus we can weight all atomic blocks rather than find the best one in a searched block of DS-Net, which is an essential tradeoff between exploring diverse structures and exploiting the best structures. Empirical results demonstrate the advantages of DS-Net, i.e., weighting the atomic blocks. ",

author = "Xuefeng Du and Jingfeng Zhang and Bo Han and Tongliang Liu and Yu Rong and Gang Niu and Junzhou Huang and Masashi Sugiyama",

year = "2021",

month = jul,

day = "18",

language = "English",

series = "Proceedings of Machine Learning Research",

publisher = "ML Research Press",

pages = "2880--2891",

editor = "Marina Meila and Tong Zhang",

booktitle = "Proceedings of the 38th International Conference on Machine Learning (ICML 2021)",

note = "38th International Conference on Machine Learning, ICML 2021 ; Conference date: 18-07-2021 Through 24-07-2021",

url = "https://icml.cc/virtual/2021/index.html, https://icml.cc/Conferences/2021, https://proceedings.mlr.press/v139/",

}

Du, X, Zhang, J, Han, B, Liu, T, Rong, Y, Niu, G, Huang, J & Sugiyama, M 2021, Learning Diverse-Structured Networks for Adversarial Robustness. in M Meila & T Zhang (eds), Proceedings of the 38th International Conference on Machine Learning (ICML 2021). Proceedings of Machine Learning Research, vol. 139, ML Research Press, pp. 2880-2891, 38th International Conference on Machine Learning, ICML 2021, 18/07/21. <http://proceedings.mlr.press/v139/du21f/du21f.pdf>

Learning Diverse-Structured Networks for Adversarial Robustness. / Du, Xuefeng; Zhang, Jingfeng; Han, Bo et al.

Proceedings of the 38th International Conference on Machine Learning (ICML 2021). ed. / Marina Meila; Tong Zhang. ML Research Press, 2021. p. 2880-2891 (Proceedings of Machine Learning Research; Vol. 139).

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

TY - GEN

T1 - Learning Diverse-Structured Networks for Adversarial Robustness

AU - Du, Xuefeng

AU - Zhang, Jingfeng

AU - Han, Bo

AU - Liu, Tongliang

AU - Rong, Yu

AU - Niu, Gang

AU - Huang, Junzhou

AU - Sugiyama, Masashi

PY - 2021/7/18

Y1 - 2021/7/18

N2 - In adversarial training (AT), the main focus has been the objective and optimizer while the model has been less studied, so that the models being used are still those classic ones in standard training (ST). Classic network architectures (NAs) are generally worse than searched NA in ST, which should be the same in AT. In this paper, we argue that NA and AT cannot be handled independently, since given a dataset, the optimal NA in ST would be no longer optimal in AT. That being said, AT is time-consuming itself; if we directly search NAs in AT over large search spaces, the computation will be practically infeasible. Thus, we propose diverse-structured network (DS-Net), to significantly reduce the size of the search space: instead of low-level operations, we only consider predefined atomic blocks, where an atomic block is a time-tested building block like the residual block. There are only a few atomic blocks and thus we can weight all atomic blocks rather than find the best one in a searched block of DS-Net, which is an essential tradeoff between exploring diverse structures and exploiting the best structures. Empirical results demonstrate the advantages of DS-Net, i.e., weighting the atomic blocks.

AB - In adversarial training (AT), the main focus has been the objective and optimizer while the model has been less studied, so that the models being used are still those classic ones in standard training (ST). Classic network architectures (NAs) are generally worse than searched NA in ST, which should be the same in AT. In this paper, we argue that NA and AT cannot be handled independently, since given a dataset, the optimal NA in ST would be no longer optimal in AT. That being said, AT is time-consuming itself; if we directly search NAs in AT over large search spaces, the computation will be practically infeasible. Thus, we propose diverse-structured network (DS-Net), to significantly reduce the size of the search space: instead of low-level operations, we only consider predefined atomic blocks, where an atomic block is a time-tested building block like the residual block. There are only a few atomic blocks and thus we can weight all atomic blocks rather than find the best one in a searched block of DS-Net, which is an essential tradeoff between exploring diverse structures and exploiting the best structures. Empirical results demonstrate the advantages of DS-Net, i.e., weighting the atomic blocks.

UR - https://proceedings.mlr.press/v139/du21f.html

M3 - Conference proceeding

T3 - Proceedings of Machine Learning Research

SP - 2880

EP - 2891

BT - Proceedings of the 38th International Conference on Machine Learning (ICML 2021)

A2 - Meila, Marina

A2 - Zhang, Tong

PB - ML Research Press

T2 - 38th International Conference on Machine Learning, ICML 2021

Y2 - 18 July 2021 through 24 July 2021

ER -

Learning Diverse-Structured Networks for Adversarial Robustness

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this