
Global Wasserstein Margin maximization for boosting generalization in adversarial training

Applied Intelligence

Abstract

In recent research on improving adversarial robustness, the trade-off between standard and robust generalization has received wide attention, and the margin, the average distance from samples to the decision boundary, has become the bridge between the two. This paper discusses and analyzes the problems of existing methods that improve adversarial robustness by maximizing the margin. On this basis, it proposes a new method, called Global Wasserstein Margin, that approximates the margin from a global point of view through the Wasserstein distance between distributions of representations. Maximizing the Global Wasserstein Margin during adversarial training improves the generalization capability of the model, as reflected in advantages in both standard and robust accuracy over the latest adversarial training baseline.



Acknowledgements

This work is supported by the National Defense Basic Scientific Research Program of China (Grant Number: JCKY2018603B006).

Author information


Corresponding author

Correspondence to Shen Wang.


About this article


Cite this article

Yu, T., Wang, S. & Yu, X. Global Wasserstein Margin maximization for boosting generalization in adversarial training. Appl Intell 53, 11490–11504 (2023). https://doi.org/10.1007/s10489-022-03480-w


  • DOI: https://doi.org/10.1007/s10489-022-03480-w
