Attacks which do not kill training make adversarial learning stronger
Adversarial training based on the minimax formulation is necessary for obtaining adversarial
robustness of trained models. However, it is conservative or even pessimistic so that it …
robustness of trained models. However, it is conservative or even pessimistic so that it …
Second-order adversarial attack and certifiable robustness
Adversarial training has been recognized as a strong defense against adversarial attacks. In
this paper, we propose a powerful second-order attack method that reduces the accuracy of …
this paper, we propose a powerful second-order attack method that reduces the accuracy of …
Analysis and applications of class-wise robustness in adversarial training
Adversarial training is one of the most effective approaches to improve model robustness
against adversarial examples. However, previous works mainly focus on the overall …
against adversarial examples. However, previous works mainly focus on the overall …
Improving adversarial robustness requires revisiting misclassified examples
Deep neural networks (DNNs) are vulnerable to adversarial examples crafted by
imperceptible perturbations. A range of defense techniques have been proposed to improve …
imperceptible perturbations. A range of defense techniques have been proposed to improve …
WAT: improve the worst-class robustness in adversarial training
Abstract Deep Neural Networks (DNN) have been shown to be vulnerable to adversarial
examples. Adversarial training (AT) is a popular and effective strategy to defend against …
examples. Adversarial training (AT) is a popular and effective strategy to defend against …
Are labels required for improving adversarial robustness?
Recent work has uncovered the interesting (and somewhat surprising) finding that training
models to be invariant to adversarial perturbations requires substantially larger datasets …
models to be invariant to adversarial perturbations requires substantially larger datasets …
Understanding catastrophic overfitting in single-step adversarial training
Although fast adversarial training has demonstrated both robustness and efficiency, the
problem of" catastrophic overfitting" has been observed. This is a phenomenon in which …
problem of" catastrophic overfitting" has been observed. This is a phenomenon in which …
To be robust or to be fair: Towards fairness in adversarial training
Adversarial training algorithms have been proved to be reliable to improve machine learning
models' robustness against adversarial examples. However, we find that adversarial training …
models' robustness against adversarial examples. However, we find that adversarial training …
Rademacher complexity for adversarially robust generalization
Many machine learning models are vulnerable to adversarial attacks; for example, adding
adversarial perturbations that are imperceptible to humans can often make machine …
adversarial perturbations that are imperceptible to humans can often make machine …
Towards understanding fast adversarial training
Current neural-network-based classifiers are susceptible to adversarial examples. The most
empirically successful approach to defending against such adversarial examples is …
empirically successful approach to defending against such adversarial examples is …