ML Anthology

Memorization Weights for Instance Reweighting in Adversarial Training

Jianfu Zhang, Yan Hong, Qibin Zhao
AAAI 2023 pp. 11228-11236
doi:10.1609/AAAI.V37I9.26329 /aaai/2023/zhang2023aaai-memorization/

Abstract

Adversarial training is an effective way to defend deep neural networks (DNN) against adversarial examples. However, there are atypical samples that are rare and hard to learn, or even hurt DNNs' generalization performance on test data. In this paper, we propose a novel algorithm to reweight the training samples based on self-supervised techniques to mitigate the negative effects of the atypical samples. Specifically, a memory bank is built to record the popular samples as prototypes and calculate the memorization weight for each sample, evaluating the "typicalness" of a sample. All the training samples are reweigthed based on the proposed memorization weights to reduce the negative effects of atypical samples. Experimental results show the proposed method is flexible to boost state-of-the-art adversarial training methods, improving both robustness and standard accuracy of DNNs.

PDF AAAI Semantic Scholar

Cite

Text

Zhang et al. "Memorization Weights for Instance Reweighting in Adversarial Training." AAAI Conference on Artificial Intelligence, 2023. doi:10.1609/AAAI.V37I9.26329

Markdown

[Zhang et al. "Memorization Weights for Instance Reweighting in Adversarial Training." AAAI Conference on Artificial Intelligence, 2023.](https://mlanthology.org/aaai/2023/zhang2023aaai-memorization/) doi:10.1609/AAAI.V37I9.26329

BibTeX

@inproceedings{zhang2023aaai-memorization,
  title     = {{Memorization Weights for Instance Reweighting in Adversarial Training}},
  author    = {Zhang, Jianfu and Hong, Yan and Zhao, Qibin},
  booktitle = {AAAI Conference on Artificial Intelligence},
  year      = {2023},
  pages     = {11228-11236},
  doi       = {10.1609/AAAI.V37I9.26329},
  url       = {https://mlanthology.org/aaai/2023/zhang2023aaai-memorization/}
}