Modeling Adversarial Noise for Adversarial Training

Dawei Zhou, Nannan Wang, Bo Han, Tongliang Liu*

*Corresponding author for this work

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

6 Citations (Scopus)

Abstract

Deep neural networks have been demonstrated to be vulnerable to adversarial noise, promoting the development of defenses against adversarial attacks. Motivated by the fact that adversarial noise contains well-generalizing features and that the relationship between adversarial data and natural data can help infer natural data and make reliable predictions, in this paper we study how to model adversarial noise by learning the transition relationship between adversarial labels (i.e., the flipped labels used to generate adversarial data) and natural labels (i.e., the ground-truth labels of the natural data). Specifically, we introduce an instance-dependent transition matrix to relate adversarial labels and natural labels, which can be seamlessly embedded with the target model (enabling us to model stronger adaptive adversarial noise). Empirical evaluations demonstrate that our method can effectively improve adversarial accuracy.
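To make the idea concrete, the following is a minimal sketch of a classifier paired with an instance-dependent transition matrix, in the spirit described by the abstract. It assumes a PyTorch-style target model; the names used here (TransitionAwareClassifier, trans_head, backbone, feature_dim) are illustrative placeholders and not the authors' implementation.

import torch
import torch.nn as nn
import torch.nn.functional as F

class TransitionAwareClassifier(nn.Module):
    # Sketch: a target model plus an instance-dependent transition head.
    # `backbone` is assumed to map inputs to feature vectors of size `feature_dim`.
    def __init__(self, backbone, feature_dim, num_classes):
        super().__init__()
        self.backbone = backbone
        self.cls_head = nn.Linear(feature_dim, num_classes)         # natural-label logits
        self.trans_head = nn.Linear(feature_dim, num_classes ** 2)  # entries of T(x)
        self.num_classes = num_classes

    def forward(self, x):
        feats = self.backbone(x)
        natural_probs = F.softmax(self.cls_head(feats), dim=-1)     # p(natural label | x)
        # Row-stochastic instance-dependent transition matrix T(x), where
        # T_ij(x) plays the role of p(adversarial label = j | natural label = i, x).
        T = F.softmax(
            self.trans_head(feats).view(-1, self.num_classes, self.num_classes), dim=-1
        )
        # Inferred adversarial-label distribution: p(adv | x) = T(x)^T p(natural | x).
        adv_probs = torch.einsum('bi,bij->bj', natural_probs, T)
        return natural_probs, adv_probs

Under this sketch, one would fit adv_probs against the adversarial (flipped) labels on adversarial examples and natural_probs against ground-truth labels on natural data during training, and read predictions from natural_probs at test time; the exact training objective and architecture in the paper may differ.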
Original language: English
Title of host publication: Proceedings of the 39th International Conference on Machine Learning (ICML 2022)
Editors: Kamalika Chaudhuri, Stefanie Jegelka, Le Song, Csaba Szepesvari, Gang Niu, Sivan Sabato
Publisher: ML Research Press
Pages: 27353-27366
Number of pages: 14
Publication status: Published - 17 Jul 2022
Event: 39th International Conference on Machine Learning, ICML 2022 - Baltimore Convention Center, Baltimore, Maryland, United States
Duration: 17 Jul 2022 - 23 Jul 2022
https://icml.cc/Conferences/2022

Publication series

Name: Proceedings of Machine Learning Research
Volume: 162
ISSN (Print): 2640-3498

Conference

Conference: 39th International Conference on Machine Learning, ICML 2022
Country/Territory: United States
City: Baltimore, Maryland
Period: 17/07/22 - 23/07/22
