Adversarial Training Generalizes Data-dependent Spectral Norm Regularization

Kevin Roth; Yannic Kilcher; Thomas Hofmann

Adversarial Training Generalizes Data-dependent Spectral Norm Regularization

Kevin Roth, Yannic Kilcher, Thomas Hofmann

25 Sept 2019 (modified: 05 May 2023)ICLR 2020 Conference Blind SubmissionReaders: Everyone

TL;DR: We establish a theoretical link between adversarial training and operator norm regularization for deep neural networks.

Abstract: We establish a theoretical link between adversarial training and operator norm regularization for deep neural networks. Specifically, we present a data-dependent variant of spectral norm regularization and prove that it is equivalent to adversarial training based on a specific $\ell_2$-norm constrained projected gradient ascent attack. This fundamental connection confirms the long-standing argument that a network's sensitivity to adversarial examples is tied to its spectral properties and hints at novel ways to robustify and defend against adversarial attacks. We provide extensive empirical evidence to support our theoretical results.

Keywords: Adversarial Robustness, Adversarial Training, Spectral Norm Regularization

Original Pdf: pdf

15 Replies

Loading