SOAR: Second-Order Adversarial Regularization

Avery Ma; Fartash Faghri; Nicolas Papernot; Amir-massoud Farahmand

SOAR: Second-Order Adversarial Regularization

Avery Ma, Fartash Faghri, Nicolas Papernot, Amir-massoud Farahmand

28 Sept 2020 (modified: 05 May 2023)ICLR 2021 Conference Blind SubmissionReaders: Everyone

Keywords: Adversarial Robustness

Abstract: Adversarial training is a common approach to improving the robustness of deep neural networks against adversarial examples. In this work, we propose a novel regularization approach as an alternative. To derive the regularizer, we formulate the adversarial robustness problem under the robust optimization framework and approximate the loss function using a second-order Taylor series expansion. Our proposed second-order adversarial regularizer (SOAR) is an upper bound based on the Taylor approximation of the inner-max in the robust optimization objective. We empirically show that the proposed method improves the robustness of networks against the $\ell_\infty$ and $\ell_2$ bounded perturbations on CIFAR-10 and SVHN.

One-sentence Summary: We propose second-order adversarial regularizer (SOAR) to improve adversarial robustness of networks against $\ell_\infty$ and $\ell_2$ bounded perturbations.

Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics

Supplementary Material: zip

Reviewed Version (pdf): https://openreview.net/references/pdf?id=VyWOUtE5q

12 Replies

Loading