Dynamic Label Adversarial Training for Deep Learning Robustness Against Adversarial Attacks

Liu, Z; Duan, H; Liang, H; Long, Y; Snasel, V; Nicosia, G; Ranjan, R; Ojha, V

doi:10.1007/978-981-96-6957-8_12

Dynamic Label Adversarial Training for Deep Learning Robustness Against Adversarial Attacks

Lookup NU author(s): Dr Zhenyu Liu, Dr Haoran Duan, Dr Hongjin Liang, Dr Yang Long, Professor Raj Ranjan, Dr Varun Ojha ORCiD

Downloads

Accepted version [.pdf]

Licence

This work is licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0).

Abstract

Adversarial training is one of the most effective methods for enhancing model robustness. Recent approaches incorporate adversarial distillation in adversarial training architectures. However, we notice two scenarios of defense methods that limit their performance: (1) Previous methods primarily use static ground truth for adversarial training, but this often causes robust overfitting; (2) The loss functions are either Mean Squared Error or KL-divergence leading to a sub-optimal performance on clean accuracy. To solve those problems, we propose a dynamic label adversarial training (DYNAT) algorithm that enables the target model to gradually and dynamically gain robustness from the guide model’s decisions. Additionally, we found that a budgeted dimension of inner optimization for the target model may contribute to the trade-off between clean accuracy and robust accuracy. Therefore, we propose a novel inner optimization method to be incorporated into adversarial training. This will enable the target model to adaptively search for adversarial examples based on dynamic labels from the guiding model, contributing to the robustness of the target model. Extensive experiments validate the superior performance of our approach.