Learning to Defense by Learning to AttackDownload PDF

Zhehui Chen, Haoming Jiang, Yuyang Shi, Bo Dai, Tuo Zhao

Published: 03 May 2019, Last Modified: 22 Oct 2023DeepGenStruct 2019Readers: Everyone
Keywords: Adversarial Training, Learning to Learn/Optimize, Nonconvex-Nonconcave Minmax Optimization
TL;DR: Don't know how to optimize? Then just learn to optimize!
Abstract: Adversarial training provides a principled approach for training robust neural networks. From an optimization perspective, the adversarial training is essentially solving a minmax robust optimization problem. The outer minimization is trying to learn a robust classifier, while the inner maximization is trying to generate adversarial samples. Unfortunately, such a minmax problem is very difficult to solve due to the lack of convex-concave structure. This work proposes a new adversarial training method based on a general learning-to-learn framework. Specifically, instead of applying the existing hand-design algorithms for the inner problem, we learn an optimizer, which is parametrized as a convolutional neural network. At the same time, a robust classifier is learned to defense the adversarial attack generated by the learned optimizer. From the perspective of generative learning, our proposed method can be viewed as learning a deep generative model for generating adversarial samples, which is adaptive to the robust classification. Our experiments demonstrate that our proposed method significantly outperforms existing adversarial training methods on CIFAR-10 and CIFAR-100 datasets.
Community Implementations: [![CatalyzeX](/images/catalyzex_icon.svg) 2 code implementations](https://www.catalyzex.com/paper/arxiv:1811.01213/code)
3 Replies