Calibrated Adversarial Training

Tianjin Huang, Vlado Menkovski, Yulong Pei, Mykola Pechenizkiy
Proceedings of The 13th Asian Conference on Machine Learning, PMLR 157:626-641, 2021.

Abstract

Adversarial training increases the robustness of models to adversarial attacks by including adversarial examples in the training set. A major challenge in producing adversarial examples is to introduce enough perturbation to flip the model's output without severely altering the example's semantic content: excessive semantic change can also change the example's true label, and adding such examples to the training set harms the model. In this paper, we present Calibrated Adversarial Training, a method that reduces the adverse effects of semantic perturbations in adversarial training. The method produces pixel-level adaptations to the perturbations based on a novel calibrated robust error. We provide a theoretical analysis of the calibrated robust error and derive an upper bound for it. Our empirical results show superior performance of Calibrated Adversarial Training on a number of public datasets.
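The adversarial-training loop the abstract describes can be sketched minimally. The example below is not the paper's calibrated method; it is a plain FGSM-style loop on a toy logistic-regression model, and all names (`fgsm`, `adversarial_train`, the toy data) are illustrative assumptions:

```python
import numpy as np

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def fgsm(x, y, w, b, eps):
    """Fast Gradient Sign Method for a linear logistic model.

    The gradient of the logistic loss w.r.t. the input is
    (sigmoid(w.x + b) - y) * w; each pixel is pushed by eps in the
    sign of that gradient, i.e. the direction that increases the loss.
    """
    grad_x = (sigmoid(x @ w + b) - y) * w
    return x + eps * np.sign(grad_x)

def adversarial_train(X, Y, eps=0.1, lr=0.5, epochs=200):
    """Standard adversarial training: craft a perturbed example for
    each input, then take the SGD step on the perturbed example."""
    rng = np.random.default_rng(0)
    w, b = rng.normal(size=X.shape[1]) * 0.01, 0.0
    for _ in range(epochs):
        for x, y in zip(X, Y):
            x_adv = fgsm(x, y, w, b, eps)  # adversarial example
            err = sigmoid(x_adv @ w + b) - y
            w -= lr * err * x_adv          # update on perturbed input
            b -= lr * err
    return w, b

# Toy separable data: the label depends on the sign of the first feature,
# with a margin much larger than eps, so perturbation cannot flip labels.
X = np.array([[1.0, 0.2], [0.8, -0.1], [-1.0, 0.3], [-0.9, -0.2]])
Y = np.array([1.0, 1.0, 0.0, 0.0])
w, b = adversarial_train(X, Y)
preds = (sigmoid(X @ w + b) > 0.5).astype(float)
```

The toy margin is deliberately much larger than `eps`; the paper's point is precisely that when the perturbation budget is large relative to an example's semantic margin, the crafted example's true label may flip, which is what the calibrated robust error is designed to account for.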

Cite this Paper


BibTeX
@InProceedings{pmlr-v157-huang21a,
  title     = {Calibrated Adversarial Training},
  author    = {Huang, Tianjin and Menkovski, Vlado and Pei, Yulong and Pechenizkiy, Mykola},
  booktitle = {Proceedings of The 13th Asian Conference on Machine Learning},
  pages     = {626--641},
  year      = {2021},
  editor    = {Balasubramanian, Vineeth N. and Tsang, Ivor},
  volume    = {157},
  series    = {Proceedings of Machine Learning Research},
  month     = {17--19 Nov},
  publisher = {PMLR},
  pdf       = {https://proceedings.mlr.press/v157/huang21a/huang21a.pdf},
  url       = {https://proceedings.mlr.press/v157/huang21a.html},
  abstract  = {Adversarial training increases the robustness of models to adversarial attacks by including adversarial examples in the training set. A major challenge in producing adversarial examples is to introduce enough perturbation to flip the model's output without severely altering the example's semantic content: excessive semantic change can also change the example's true label, and adding such examples to the training set harms the model. In this paper, we present Calibrated Adversarial Training, a method that reduces the adverse effects of semantic perturbations in adversarial training. The method produces pixel-level adaptations to the perturbations based on a novel calibrated robust error. We provide a theoretical analysis of the calibrated robust error and derive an upper bound for it. Our empirical results show superior performance of Calibrated Adversarial Training on a number of public datasets.}
}
Endnote
%0 Conference Paper
%T Calibrated Adversarial Training
%A Tianjin Huang
%A Vlado Menkovski
%A Yulong Pei
%A Mykola Pechenizkiy
%B Proceedings of The 13th Asian Conference on Machine Learning
%C Proceedings of Machine Learning Research
%D 2021
%E Vineeth N. Balasubramanian
%E Ivor Tsang
%F pmlr-v157-huang21a
%I PMLR
%P 626--641
%U https://proceedings.mlr.press/v157/huang21a.html
%V 157
%X Adversarial training increases the robustness of models to adversarial attacks by including adversarial examples in the training set. A major challenge in producing adversarial examples is to introduce enough perturbation to flip the model's output without severely altering the example's semantic content: excessive semantic change can also change the example's true label, and adding such examples to the training set harms the model. In this paper, we present Calibrated Adversarial Training, a method that reduces the adverse effects of semantic perturbations in adversarial training. The method produces pixel-level adaptations to the perturbations based on a novel calibrated robust error. We provide a theoretical analysis of the calibrated robust error and derive an upper bound for it. Our empirical results show superior performance of Calibrated Adversarial Training on a number of public datasets.
APA
Huang, T., Menkovski, V., Pei, Y., & Pechenizkiy, M. (2021). Calibrated adversarial training. Proceedings of The 13th Asian Conference on Machine Learning, in Proceedings of Machine Learning Research 157:626-641. Available from https://proceedings.mlr.press/v157/huang21a.html.

Related Material