Improving Fast Adversarial Training With Prior-Guided Knowledge

Improving Fast Adversarial Training With Prior-Guided Knowledge

Fast adversarial training (FAT) is an efficient method to improve robustness in white-box attack scenarios. However, the original FAT suffers from catastrophic overfitting, which dramatically and suddenly reduces robustness after a few training epochs. Although various FAT variants have been propose...

Ausführliche Beschreibung

Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on pattern analysis and machine intelligence. - 1979. - 46(2024), 9 vom: 23. Aug., Seite 6367-6383
1. Verfasser: Jia, Xiaojun (VerfasserIn)
Weitere Verfasser: Zhang, Yong, Wei, Xingxing, Wu, Baoyuan, Ma, Ke, Wang, Jue, Cao, Xiaochun
Format: Online-Aufsatz
Sprache:English
Veröffentlicht: 2024
Zugriff auf das übergeordnete Werk:IEEE transactions on pattern analysis and machine intelligence
Schlagworte:Journal Article
LEADER 01000caa a22002652 4500
001 NLM370202937
003 DE-627
005 20240807232529.0
007 cr uuu---uuuuu
008 240328s2024 xx |||||o 00| ||eng c
024 7 |a 10.1109/TPAMI.2024.3381180  |2 doi 
028 5 2 |a pubmed24n1494.xml 
035 |a (DE-627)NLM370202937 
035 |a (NLM)38530739 
040 |a DE-627  |b ger  |c DE-627  |e rakwb 
041 |a eng 
100 1 |a Jia, Xiaojun  |e verfasserin  |4 aut 
245 1 0 |a Improving Fast Adversarial Training With Prior-Guided Knowledge 
264 1 |c 2024 
336 |a Text  |b txt  |2 rdacontent 
337 |a ƒaComputermedien  |b c  |2 rdamedia 
338 |a ƒa Online-Ressource  |b cr  |2 rdacarrier 
500 |a Date Revised 07.08.2024 
500 |a published: Print-Electronic 
500 |a Citation Status PubMed-not-MEDLINE 
520 |a Fast adversarial training (FAT) is an efficient method to improve robustness in white-box attack scenarios. However, the original FAT suffers from catastrophic overfitting, which dramatically and suddenly reduces robustness after a few training epochs. Although various FAT variants have been proposed to prevent overfitting, they require high training time. In this paper, we investigate the relationship between adversarial example quality and catastrophic overfitting by comparing the training processes of standard adversarial training and FAT. We find that catastrophic overfitting occurs when the attack success rate of adversarial examples becomes worse. Based on this observation, we propose a positive prior-guided adversarial initialization to prevent overfitting by improving adversarial example quality without extra training time. This initialization is generated by using high-quality adversarial perturbations from the historical training process. We provide theoretical analysis for the proposed initialization and propose a prior-guided regularization method that boosts the smoothness of the loss function. Additionally, we design a prior-guided ensemble FAT method that averages the different model weights of historical models using different decay rates. Our proposed method, called FGSM-PGK, assembles the prior-guided knowledge, i.e., the prior-guided initialization and model weights, acquired during the historical training process. The proposed method can effectively improve the model's adversarial robustness in white-box attack scenarios. Evaluations of four datasets demonstrate the superiority of the proposed method 
650 4 |a Journal Article 
700 1 |a Zhang, Yong  |e verfasserin  |4 aut 
700 1 |a Wei, Xingxing  |e verfasserin  |4 aut 
700 1 |a Wu, Baoyuan  |e verfasserin  |4 aut 
700 1 |a Ma, Ke  |e verfasserin  |4 aut 
700 1 |a Wang, Jue  |e verfasserin  |4 aut 
700 1 |a Cao, Xiaochun  |e verfasserin  |4 aut 
773 0 8 |i Enthalten in  |t IEEE transactions on pattern analysis and machine intelligence  |d 1979  |g 46(2024), 9 vom: 23. Aug., Seite 6367-6383  |w (DE-627)NLM098212257  |x 1939-3539  |7 nnns 
773 1 8 |g volume:46  |g year:2024  |g number:9  |g day:23  |g month:08  |g pages:6367-6383 
856 4 0 |u http://dx.doi.org/10.1109/TPAMI.2024.3381180  |3 Volltext 
912 |a GBV_USEFLAG_A 
912 |a SYSFLAG_A 
912 |a GBV_NLM 
912 |a GBV_ILN_350 
951 |a AR 
952 |d 46  |j 2024  |e 9  |b 23  |c 08  |h 6367-6383