Abstract
Adversarial attack has recently become a tremendous threat to deep learning models. To improve the robustness of machine learning models, adversarial training, formulated as a minimax optimization problem, has been recognized as one of the most effective defense mechanisms. However, the non-convex and non-concave property poses a great challenge to the minimax training. In this paper, we empirically demonstrate that the commonly used PGD attack may not be optimal for inner maximization, and improved inner optimizer can lead to a more robust model. Then we leverage a learning-to-learn (L2L) framework to train an optimizer with recurrent neural networks, providing update directions and steps adaptively for the inner problem. By co-training optimizer’s parameters and model’s weights, the proposed framework consistently improves over PGD-based adversarial training and TRADES.
Author supplied keywords
Cite
CITATION STYLE
Xiong, Y., & Hsieh, C. J. (2020). Improved Adversarial Training via Learned Optimizer. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 12353 LNCS, pp. 85–100). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-58598-3_6
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
