Improved robustness to adversarial examples using Lipschitz regularization of the loss

Chris Finlay; Adam M. Oberman; Bilal Abbasi

Improved robustness to adversarial examples using Lipschitz regularization of the loss

Chris Finlay, Adam M. Oberman, Bilal Abbasi

27 Sept 2018 (modified: 05 May 2023)ICLR 2019 Conference Blind SubmissionReaders: Everyone

Abstract: We augment adversarial training (AT) with worst case adversarial training (WCAT) which improves adversarial robustness by 11% over the current state- of-the-art result in the `2-norm on CIFAR-10. We interpret adversarial training as Total Variation Regularization, which is a fundamental tool in mathematical im- age processing, and WCAT as Lipschitz regularization, which appears in Image Inpainting. We obtain verifiable worst and average case robustness guarantees, based on the expected and maximum values of the norm of the gradient of the loss.

Keywords: Adversarial training, adversarial examples, deep neural networks, regularization, Lipschitz constant

TL;DR: Improvements to adversarial robustness, as well as provable robustness guarantees, are obtained by augmenting adversarial training with a tractable Lipschitz regularization

15 Replies

Loading