PIAT: Parameter Interpolation Based Adversarial Training for Image Classification
Abstract
Adversarial training has been demonstrated to be the most effective approach to defend against adversarial attacks. However, existing adversarial training methods exhibit noticeable oscillation and overfitting during training, which degrades the defense efficacy. In this work, we propose a novel framework, termed Parameter Interpolation based Adversarial Training (PIAT), that makes full use of the historical information during training. Specifically, at the end of each epoch, PIAT sets the model parameters to an interpolation of the parameters of the previous and current epochs. Besides, we suggest using the Normalized Mean Square Error (NMSE) to further improve robustness by aligning the relative, rather than absolute, magnitudes of the logits of clean and adversarial examples. Extensive experiments on several benchmark datasets and various networks show that our framework prominently improves model robustness and reduces the generalization error.
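The two ingredients described in the abstract can be sketched in a few lines. Below is a minimal NumPy illustration of (a) the end-of-epoch parameter interpolation and (b) an NMSE-style loss that compares logits after normalization so that only their relative magnitudes matter. The mixing coefficient `beta` and the unit-norm formulation of NMSE are illustrative assumptions; the paper's exact schedule and normalization may differ.

```python
import numpy as np

def interpolate_params(prev_params, curr_params, beta=0.5):
    # PIAT-style end-of-epoch update: blend the previous epoch's
    # parameters with the current ones. `beta` is an illustrative
    # mixing coefficient, not the paper's exact setting.
    return {name: beta * prev_params[name] + (1.0 - beta) * curr_params[name]
            for name in curr_params}

def nmse(clean_logits, adv_logits, eps=1e-12):
    # NMSE sketch: scale each logit vector to unit L2 norm before
    # taking the squared error, so the loss aligns relative rather
    # than absolute magnitudes of clean and adversarial logits.
    c = clean_logits / (np.linalg.norm(clean_logits, axis=-1, keepdims=True) + eps)
    a = adv_logits / (np.linalg.norm(adv_logits, axis=-1, keepdims=True) + eps)
    return float(np.mean(np.sum((c - a) ** 2, axis=-1)))
```

Note that under this normalization, uniformly rescaling the adversarial logits leaves the loss unchanged, whereas a plain MSE on raw logits would penalize the scale difference.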
Cite
Text
He et al. "PIAT: Parameter Interpolation Based Adversarial Training for Image Classification." ICML 2023 Workshops: AdvML-Frontiers, 2023.

Markdown
[He et al. "PIAT: Parameter Interpolation Based Adversarial Training for Image Classification." ICML 2023 Workshops: AdvML-Frontiers, 2023.](https://mlanthology.org/icmlw/2023/he2023icmlw-piat/)

BibTeX
@inproceedings{he2023icmlw-piat,
title = {{PIAT: Parameter Interpolation Based Adversarial Training for Image Classification}},
author = {He, Kun and Liu, Xin and Yang, Yichen and Qin, Zhou and Wen, Weigao and Xue, Hui and Hopcroft, John E.},
booktitle = {ICML 2023 Workshops: AdvML-Frontiers},
year = {2023},
url = {https://mlanthology.org/icmlw/2023/he2023icmlw-piat/}
}