pith. sign in

arxiv: 2205.11744 · v1 · pith:SR2FEK3Enew · submitted 2022-05-24 · 💻 cs.LG · cs.CV

Alleviating Robust Overfitting of Adversarial Training With Consistency Regularization

classification 💻 cs.LG cs.CV
keywords robustadversarialconsistencyoverfittingregularizationmodelmodelsteacher
0
0 comments X
read the original abstract

Adversarial training (AT) has proven to be one of the most effective ways to defend Deep Neural Networks (DNNs) against adversarial attacks. However, the phenomenon of robust overfitting, i.e., the robustness will drop sharply at a certain stage, always exists during AT. It is of great importance to decrease this robust generalization gap in order to obtain a robust model. In this paper, we present an in-depth study towards the robust overfitting from a new angle. We observe that consistency regularization, a popular technique in semi-supervised learning, has a similar goal as AT and can be used to alleviate robust overfitting. We empirically validate this observation, and find a majority of prior solutions have implicit connections to consistency regularization. Motivated by this, we introduce a new AT solution, which integrates the consistency regularization and Mean Teacher (MT) strategy into AT. Specifically, we introduce a teacher model, coming from the average weights of the student models over the training steps. Then we design a consistency loss function to make the prediction distribution of the student models over adversarial examples consistent with that of the teacher model over clean samples. Experiments show that our proposed method can effectively alleviate robust overfitting and improve the robustness of DNN models against common adversarial attacks.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Robust Alignment: Harmonizing Clean Accuracy and Adversarial Robustness in Adversarial Training

    cs.CV 2026-04 unverdicted novelty 5.0

    RAAT harmonizes clean accuracy and adversarial robustness by using fixed reduced perturbations for boundary samples and Domain Interpolation Consistency Adversarial Regularization to align input and latent spaces.