Sustainable Self-evolution Adversarial Training

Download PDF

Wenxuan Wang, Chenglei Wang, huihui Qi, Menghao Ye, Xuelin Qian, PENG WANG, Yanning Zhang

Published: 20 Jul 2024, Last Modified: 21 Jul 2024MM2024 PosterEveryoneRevisionsBibTeXCC BY 4.0
Abstract: With the wide application of deep neural network models in various computer vision tasks, there has been a proliferation of adversarial example generation strategies aimed at exploring model security deeply. However, existing adversarial training defense models, which rely on single or limited types of attacks under a one-time learning process, struggle to adapt to the dynamic and evolving nature of attack methods. Therefore, to achieve defense performance improvements for models in long-term applications, we propose a novel Sustainable Self-evolution Adversarial Training (SSEAT) framework. Specifically, we introduce a continual adversarial defense pipeline to realize learning from various kinds of adversarial examples across multiple stages. Additionally, to address the issue of model catastrophic forgetting caused by continual learning from ongoing novel attacks, we propose an adversarial data replay module to better select more diverse and key relearning data. Furthermore, we design a consistency regularization strategy to encourage current defense models to learn more from previously trained ones, guiding them to retain more past knowledge and maintain accuracy on clean samples. Extensive experiments have been conducted to verify the efficacy of the proposed SSEAT defense method, which demonstrates superior defense performance and classification accuracy compared to competitors.
Primary Subject Area: [Experience] Multimedia Applications
Secondary Subject Area: [Content] Vision and Language
Relevance To Conference: Due to the widespread popularity of deep models in current multimedia applications, there are endless attack methods to explore the robustness of deep models. In order to deal with the problem of continuous generation of new adversarial examples in complex multimedia application scenarios, inspired by the continue learning paradigm, we innovatively proposed the Sustainable Self-evolution Adversarial Training framework, to achieve superior defense performance and classification accuracy.
Supplementary Material: zip
Submission Number: 2416