Enhancing Adversarial Robustness Through Robust Information Quantities

Download PDF

EN-HUI YANG, Renhao Tan

25 Sept 2024 (modified: 29 Jan 2025)ICLR 2025 Conference Withdrawn SubmissionEveryoneRevisionsBibTeXCC BY 4.0
Keywords: Adversarial Robustness, Adversarial Training
Abstract: It is known that deep neural networks (DNNs) are vulnerable to imperceptible adversarial attacks, and this fact raises concerns about their safety and reliability in real-world applications. In this paper, we aim to boost the robustness of a DNN against white-box adversarial attacks by defining three new information quantities---robust conditional mutual information (CMI), robust separation, and robust normalized CMI (NCMI)---which can serve as robust performance metrics for the DNN. We then utilize these concepts to introduce a novel training method that constrains the robust CMI and increases the robust separation simultaneously. Our experimental results demonstrate that our method consistently enhances model robustness against C\&W and AutoAttack on CIFAR and Tiny-ImageNet datasets with and without additional synthetic data. Specifically, it is shown that our approach improves the robust accuracy of a DNN by up to 2.66\% on CIFAR datasets and 3.49\% on Tiny-ImageNet in the case of PGD attack and 1.70\% on CIFAR datasets and 1.63\% on Tiny-ImageNet in the case of AutoAttack, in comparison with the state-of-the-art training methods in the literature.
Primary Area: other topics in machine learning (i.e., none of the above)
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2025/AuthorGuide.
Reciprocal Reviewing: I understand the reciprocal reviewing requirement as described on https://iclr.cc/Conferences/2025/CallForPapers. If none of the authors are registered as a reviewer, it may result in a desk rejection at the discretion of the program chairs. To request an exception, please complete this form at https://forms.gle/Huojr6VjkFxiQsUp6.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors’ identity.
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Submission Number: 4031

OpenReview is a long-term project to advance science through improved peer review with legal nonprofit status. We gratefully acknowledge the support of the OpenReview Sponsors. © 2025 OpenReview