TL;DR: We introduce sensible robustness in an effort to resolve the trade-off between robustness and accuracy of the current adversarial robustness framework.
Abstract: The trade-off between robustness and standard accuracy has been consistently reported in the machine learning literature. Although the problem has been widely studied to understand and explain this trade-off, no studies have shown the possibility of a no-trade-off solution. In this paper, motivated by the fact that a high-dimensional distribution is poorly represented by limited data samples, we introduce sensible adversarial learning and demonstrate the synergistic effect between the pursuits of natural accuracy and robustness. Specifically, we define a sensible adversary which is useful for learning a defense model while simultaneously keeping a high natural accuracy. We theoretically establish that the Bayes rule is the most robust multi-class classifier with the 0-1 loss under sensible adversarial learning. We propose a novel and efficient algorithm that trains a robust model with sensible adversarial examples, without a significant drop in natural accuracy. Our model on CIFAR10 yields state-of-the-art results against various attacks with perturbations restricted to ℓ∞ with ε = 8/255, e.g., a robust accuracy of 65.17% against PGD attacks together with a natural accuracy of 91.51%.
Code: https://drive.google.com/drive/folders/1-0HPLEBU_FcQJ_7aPHB7uE8RfYryOQOV?usp=sharing
Keywords: adversarial learning, deep neural networks, trade-off, margins, sensible reversion, sensible robustness