Neural Architectures Search (NAS) becomes more and more popular over these years. However, NAS-generated models tends to suffer greater vulnerability to various malicious attacks. Lots of robust NAS methods leverage adversarial training to enhance the robustness of NAS-generated models, however, they neglected the nature accuracy of NAS-generated models. In our paper, we propose a novel NAS method, Robust Neural Architecture Search (RNAS). To design a regularization term to balance accuracy and robustness, RNAS generates architectures with both high accuracy and good robustness. To reduce search cost, we further propose to use noise examples instead adversarial examples as input to search architectures. Extensive experiments show that RNAS achieves state-of-the-art (SOTA) performance on both image classification and adversarial attacks, which illustrates the proposed RNAS achieves a good tradeoff between robustness and accuracy.
翻译:神经网络结构搜索(NAS)逐渐变得越来越流行。然而,NAS生成模型往往更容易受到各种恶意攻击。许多鲁棒NAS方法利用对抗训练来增强NAS生成模型的鲁棒性,但它们忽视了NAS生成模型天然的准确性。在本文中,我们提出了一种新型NAS方法,即鲁棒性神经网络结构搜索(RNAS)。为了设计一个正则化项来平衡准确性和鲁棒性,RNAS生成了具有高准确性和良好鲁棒性的体系结构。为了降低搜索成本,我们进一步提出使用带有噪声的示例而不是对抗示例作为输入来搜索体系结构。广泛的实验表明,RNAS在图像分类和对抗攻击方面均取得了最先进的性能(SOTA),这表明该RNAS在鲁棒性和准确性之间获得了良好的平衡。
相关内容
微信扫码咨询专知VIP会员