Adversarial self-training for robustness and generalization

IF 3.9 3区计算机科学 Q2 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Pattern Recognition Letters Pub Date : 2024-08-02 DOI:10.1016/j.patrec.2024.07.020

Zhuorong Li , Minghui Wu , Canghong Jin , Daiwei Yu , Hongchuan Yu

{"title":"Adversarial self-training for robustness and generalization","authors":"Zhuorong Li , Minghui Wu , Canghong Jin , Daiwei Yu , Hongchuan Yu","doi":"10.1016/j.patrec.2024.07.020","DOIUrl":null,"url":null,"abstract":"<div><p><em>Adversarial training</em> is currently one of the most promising ways to achieve adversarial robustness of deep models. However, even the most sophisticated training methods is far from satisfactory, as improvement in robustness requires either heuristic strategies or more annotated data, which might be problematic in real-world applications. To alleviate these issues, we propose an effective training scheme that avoids prohibitively high cost of additional labeled data by adapting self-training scheme to adversarial training. In particular, we first use the confident prediction for a randomly-augmented image as the pseudo-label for self-training. Then we enforce the consistency regularization by targeting the adversarially-perturbed version of the same image at the pseudo-label, which implicitly suppresses the distortion of representation in latent space. Despite its simplicity, extensive experiments show that our regularization could bring significant advancement in adversarial robustness of a wide range of adversarial training methods and helps the model to generalize its robustness to larger perturbations or even against unseen adversaries.</p></div>","PeriodicalId":54638,"journal":{"name":"Pattern Recognition Letters","volume":"185 ","pages":"Pages 117-123"},"PeriodicalIF":3.9000,"publicationDate":"2024-08-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Pattern Recognition Letters","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016786552400223X","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Adversarial training is currently one of the most promising ways to achieve adversarial robustness of deep models. However, even the most sophisticated training methods is far from satisfactory, as improvement in robustness requires either heuristic strategies or more annotated data, which might be problematic in real-world applications. To alleviate these issues, we propose an effective training scheme that avoids prohibitively high cost of additional labeled data by adapting self-training scheme to adversarial training. In particular, we first use the confident prediction for a randomly-augmented image as the pseudo-label for self-training. Then we enforce the consistency regularization by targeting the adversarially-perturbed version of the same image at the pseudo-label, which implicitly suppresses the distortion of representation in latent space. Despite its simplicity, extensive experiments show that our regularization could bring significant advancement in adversarial robustness of a wide range of adversarial training methods and helps the model to generalize its robustness to larger perturbations or even against unseen adversaries.

查看原文本刊更多论文

逆向自训练，实现稳健性和通用性

是目前最有希望实现深度模型对抗鲁棒性的方法之一。然而，即使是最复杂的训练方法也远不能令人满意，因为提高鲁棒性需要启发式策略或更多标注数据，而这在实际应用中可能会遇到问题。为了缓解这些问题，我们提出了一种有效的训练方案，通过将自我训练方案调整为对抗训练，避免了额外标记数据的高昂成本。具体来说，我们首先使用随机增强图像的可信预测作为自我训练的伪标签。然后，我们通过将同一图像的对抗扰动版本作为伪标签来执行一致性正则化，从而隐式地抑制了潜在空间中的表征失真。尽管方法简单，但大量实验表明，我们的正则化可以显著提高各种对抗训练方法的对抗鲁棒性，并帮助模型将其鲁棒性扩展到更大的扰动，甚至对抗未见过的对抗者。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Pattern Recognition Letters 工程技术-计算机：人工智能

CiteScore

12.40

自引率

5.90%

发文量

287

审稿时长

9.1 months

期刊介绍： Pattern Recognition Letters aims at rapid publication of concise articles of a broad interest in pattern recognition. Subject areas include all the current fields of interest represented by the Technical Committees of the International Association of Pattern Recognition, and other developing themes involving learning and recognition.