Better Generalization with Adaptive Adversarial Training
Abstract: An effective method to obtain an adversarial robust network is to train the network with adversarially perturbed samples. Perturbing all the samples adversarially has shown to increase the robustness of the networks significantly, but in turn affecting the generalization of the network to unperturbed points. We propose an adaptive training method which aims to perturb only a portion of the training samples which aids not only adversarial robustness but also better generalization as
compared to perturbing all the training samples. This method is also faster than perturbing the entire training set.
1 Reply
Loading