Abstract
Neural networks are vulnerable to adversarial attacks. Practically, adversarial training is by far the most effective approach for enhancing the robustness of neural networks against adversarial examples. The current adversarial training approach aims to maximize the posterior probability for adversarially perturbed training data. However, such a training strategy ignores the fact that the clean data and adversarial examples should have intrinsically different feature distributions despite that they are assigned with the same class label under adversarial training. We propose that this problem can be solved by explicitly modeling the deep feature distribution, for example as a Gaussian Mixture, and then properly introducing the likelihood regularization into the loss function. Specifically, by maximizing the likelihood of features of clean data and minimizing that of adversarial examples simultaneously, the neural network learns a more reasonable feature distribution in which the intrinsic difference between clean data and adversarial examples can be explicitly preserved. We call such a new robust training strategy the adversarial training with bi-directional likelihood regularization (ATBLR) method. Extensive experiments on various datasets demonstrate that the ATBLR method facilitates robust classification of both clean data and adversarial examples, and performs favorably against previous state-of-the-art methods for robust visual classification.
| Original language | English |
|---|---|
| Title of host publication | Computer Vision – ECCV 2020 - 16th European Conference, 2020, Proceedings |
| Editors | Andrea Vedaldi, Horst Bischof, Thomas Brox, Jan-Michael Frahm |
| Publisher | Springer Science and Business Media Deutschland GmbH |
| Pages | 785-800 |
| Number of pages | 16 |
| ISBN (Print) | 9783030585853 |
| DOIs | |
| Publication status | Published - 2020 |
| Event | 16th European Conference on Computer Vision, ECCV 2020 - Glasgow, United Kingdom Duration: 2020 Aug 23 → 2020 Aug 28 |
Publication series
| Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
|---|---|
| Volume | 12369 LNCS |
| ISSN (Print) | 0302-9743 |
| ISSN (Electronic) | 1611-3349 |
Conference
| Conference | 16th European Conference on Computer Vision, ECCV 2020 |
|---|---|
| Country/Territory | United Kingdom |
| City | Glasgow |
| Period | 20/8/23 → 20/8/28 |
Bibliographical note
Funding Information:Acknowledgements. This work was supported by the National Natural Science Foundation of China under Grant 61673234 and the program of China Scholarships Council (No. 201906210354). M.-H. Yang is supported in part by NSF CAREER Grant 1149783.
Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
All Science Journal Classification (ASJC) codes
- Theoretical Computer Science
- Computer Science(all)