Adversarial Robustness through Wide Local Minima: A Simple Training Technique

Anton S. Khritankov; Andrey Veprikov; Sergey Smirnov

Adversarial Robustness through Wide Local Minima: A Simple Training Technique

Anton S. Khritankov, Andrey Veprikov, Sergey Smirnov

Published: 20 Sept 2024, Last Modified: 29 Sept 2024ICOMP PublicationEveryoneRevisionsBibTeXCC BY 4.0

Keywords: adversarial robustness, learning algorithms, image classification, deep neural networks

TL;DR: It is possible to improve adversarial robustness by choosing appropriate parameters of the learning algorithm to reach wide minima

Abstract: Achieving adversarial robustness is a critical aspect of ensuring the security and reliability of machine learning models, particularly in applications where trustworthiness is paramount. This paper delves into the theoretical aspects and impact of width of the local minima and learning parameters on adversarial robustness in Deep Neural Networks (DNNs) for image classification tasks. Through our investigation of gradient learning methods, we identify that certain optimization parameters can enhance robustness without compromising prediction quality. Building on these findings, we introduce a novel adversarial defense technique aimed at improving the model's resilience against attacks.

Submission Number: 28

Loading