Mitigating Accuracy-Robustness Trade-Off via Balanced Multi-Teacher Adversarial Distillation

Mitigating Accuracy-Robustness Trade-Off via Balanced Multi-Teacher Adversarial Distillation

Adversarial Training is a practical approach for improving the robustness of deep neural networks against adversarial attacks. Although bringing reliable robustness, the performance towards clean examples is negatively affected after Adversarial Training, which means a trade-off exists between accur...

Ausführliche Beschreibung

Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on pattern analysis and machine intelligence. - 1979. - 46(2024), 12 vom: 26. Nov., Seite 9338-9352
1. Verfasser: Zhao, Shiji (VerfasserIn)
Weitere Verfasser: Wang, Xizhe, Wei, Xingxing
Format: Online-Aufsatz
Sprache:English
Veröffentlicht: 2024
Zugriff auf das übergeordnete Werk:IEEE transactions on pattern analysis and machine intelligence
Schlagworte:Journal Article
LEADER 01000caa a22002652 4500
001 NLM373770669
003 DE-627
005 20241107232057.0
007 cr uuu---uuuuu
008 240619s2024 xx |||||o 00| ||eng c
024 7 |a 10.1109/TPAMI.2024.3416308  |2 doi 
028 5 2 |a pubmed24n1593.xml 
035 |a (DE-627)NLM373770669 
035 |a (NLM)38889035 
040 |a DE-627  |b ger  |c DE-627  |e rakwb 
041 |a eng 
100 1 |a Zhao, Shiji  |e verfasserin  |4 aut 
245 1 0 |a Mitigating Accuracy-Robustness Trade-Off via Balanced Multi-Teacher Adversarial Distillation 
264 1 |c 2024 
336 |a Text  |b txt  |2 rdacontent 
337 |a ƒaComputermedien  |b c  |2 rdamedia 
338 |a ƒa Online-Ressource  |b cr  |2 rdacarrier 
500 |a Date Revised 07.11.2024 
500 |a published: Print-Electronic 
500 |a Citation Status PubMed-not-MEDLINE 
520 |a Adversarial Training is a practical approach for improving the robustness of deep neural networks against adversarial attacks. Although bringing reliable robustness, the performance towards clean examples is negatively affected after Adversarial Training, which means a trade-off exists between accuracy and robustness. Recently, some studies have tried to use knowledge distillation methods in Adversarial Training, achieving competitive performance in improving the robustness but the accuracy for clean samples is still limited. In this paper, to mitigate the accuracy-robustness trade-off, we introduce the Balanced Multi-Teacher Adversarial Robustness Distillation (B-MTARD) to guide the model's Adversarial Training process by applying a strong clean teacher and a strong robust teacher to handle the clean examples and adversarial examples, respectively. During the optimization process, to ensure that different teachers show similar knowledge scales, we design the Entropy-Based Balance algorithm to adjust the teacher's temperature and keep the teachers' information entropy consistent. Besides, to ensure that the student has a relatively consistent learning speed from multiple teachers, we propose the Normalization Loss Balance algorithm to adjust the learning weights of different types of knowledge. A series of experiments conducted on three public datasets demonstrate that B-MTARD outperforms the state-of-the-art methods against various adversarial attacks 
650 4 |a Journal Article 
700 1 |a Wang, Xizhe  |e verfasserin  |4 aut 
700 1 |a Wei, Xingxing  |e verfasserin  |4 aut 
773 0 8 |i Enthalten in  |t IEEE transactions on pattern analysis and machine intelligence  |d 1979  |g 46(2024), 12 vom: 26. Nov., Seite 9338-9352  |w (DE-627)NLM098212257  |x 1939-3539  |7 nnns 
773 1 8 |g volume:46  |g year:2024  |g number:12  |g day:26  |g month:11  |g pages:9338-9352 
856 4 0 |u http://dx.doi.org/10.1109/TPAMI.2024.3416308  |3 Volltext 
912 |a GBV_USEFLAG_A 
912 |a SYSFLAG_A 
912 |a GBV_NLM 
912 |a GBV_ILN_350 
951 |a AR 
952 |d 46  |j 2024  |e 12  |b 26  |c 11  |h 9338-9352