pith. sign in

arxiv: 2010.01799 · v2 · pith:XL7MT2VJnew · submitted 2020-10-05 · 💻 cs.LG · eess.IV· stat.ML

Understanding Catastrophic Overfitting in Single-step Adversarial Training

classification 💻 cs.LG eess.IVstat.ML
keywords adversarialtrainingcatastrophicoverfittingsingle-stepaccuracyexamplesfast
0
0 comments X
read the original abstract

Although fast adversarial training has demonstrated both robustness and efficiency, the problem of "catastrophic overfitting" has been observed. This is a phenomenon in which, during single-step adversarial training, the robust accuracy against projected gradient descent (PGD) suddenly decreases to 0% after a few epochs, whereas the robust accuracy against fast gradient sign method (FGSM) increases to 100%. In this paper, we demonstrate that catastrophic overfitting is very closely related to the characteristic of single-step adversarial training which uses only adversarial examples with the maximum perturbation, and not all adversarial examples in the adversarial direction, which leads to decision boundary distortion and a highly curved loss surface. Based on this observation, we propose a simple method that not only prevents catastrophic overfitting, but also overrides the belief that it is difficult to prevent multi-step adversarial attacks with single-step adversarial training.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. SORA: Free Second-Order Attacks in Fast Adversarial Training

    cs.LG 2026-05 unverdicted novelty 5.0

    SORA is an adaptive step-size adversarial training algorithm that formalizes epsilon overfitting, introduces the PertAlign metric to predict catastrophic overfitting, and dynamically adjusts perturbations to achieve s...