Max-Margin Adversarial (MMA) Training: Direct Input Space Margin Maximization through Adversarial Training.
arXiv: Learning(2018)
摘要
Adversarial robustness is determined by the data pointsu0027 margins, the distances in the input space from the data points to the decision boundary of the classifier. We study the connection between directly maximizing these margins and adversarial training. In particular, we show that these two different objectives have aligned gradient. Furthermore, we show that directly maximizing margins is an improvement on adversarial training, in the sense that it can be interpreted as adversarial training with automatically selected correct perturbation magnitudes that are different for each individual data point. Motivated by our theoretical analysis, we propose the Max-Margin Adversarial (MMA) training to maximize the average margin. We demonstrate the efficiency of the MMA training framework on the MNIST and CIFAR10 datasets. On both, our MMA trained models obtain state-of-the-art robustness under various $ell_infty$ and $ell_2$ attacks. In particular, under the $ell_infty$ constraint with $epsilon=8/255$ on the CIFAR10 dataset, our MMA trained model achieved $9%$ higher robust accuracy than the best prior work reported in Madry et al. (2017).
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络