Adversarial training suffers from robust overfitting, a phenomenon where the robust test accuracy starts to decrease during training. In this paper, we focus on both heuristics-driven and data-driven augmentations as a means to reduce robust overfitting. First, we demonstrate that, contrary to previous findings, when combined with model weight averaging, data augmentation can significantly boost robust accuracy. Second, we explore how state-of-the-art generative models can be leveraged to artificially increase the size of the training set and further improve adversarial robustness. Finally, we evaluate our approach on CIFAR-10 against $\ell_\infty$ and $\ell_2$ norm-bounded perturbations of size $\epsilon = 8/255$ and $\epsilon = 128/255$, respectively. We show large absolute improvements of +7.06% and +5.88% in robust accuracy compared to previous state-of-the-art methods. In particular, against $\ell_\infty$ norm-bounded perturbations of size $\epsilon = 8/255$, our model reaches 64.20% robust accuracy without using any external data, beating most prior works that use external data.
翻译:Adversari 培训受到强力超编的影响,这是一种强力测试精确度在培训期间开始下降的现象。在本文中,我们注重超自然值驱动的和数据驱动的增压,作为减少强力超编的一种手段。首先,我们证明,与以前的调查结果相反,如果与平均重量模型相结合,数据扩增可以大大提高强力准确度。第二,我们探索如何利用最先进的基因化模型人为地增加培训成套培训规模,并进一步提高对抗性强力。最后,我们对照美元/日元和美元/日元/2美元标准受限制的冲击度来评价我们关于CIFAR-10的做法,以美元/日元和美元/日元/月/月/日/日/日/日/日/日/日/月/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日///日/日/日/日/日///////////////////////////日/日/日/////日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/日/
相关内容
微信扫码咨询专知VIP会员