Curriculum Adversarial Training
Abstract
Recently, deep learning has been applied to many security-sensitive applications, such as facial authentication. The existence of adversarial examples hinders such applications. The state-of-the-art result on defense shows that adversarial training can be applied to train a robust model on MNIST against adversarial examples; but it fails to achieve a high empirical worst-case accuracy on more complex tasks, such as CIFAR-10 and SVHN. In our work, we propose curriculum adversarial training (CAT) to resolve this issue. The basic idea is to develop a curriculum of adversarial examples generated by attacks with a wide range of strengths. With two techniques to mitigate the catastrophic forgetting and the generalization issues, we demonstrate that CAT improves the prior art's empirical worst-case accuracy by a large margin: 25% on CIFAR-10 and 35% on SVHN. At the same time, the model's performance on non-adversarial inputs is comparable to that of state-of-the-art models.
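The curriculum idea can be illustrated with a minimal sketch: train against attacks of gradually increasing strength, where strength is the number of attack iterations (a common choice for PGD-style attacks). The sketch below uses a toy logistic-regression model in NumPy; the names `pgd_attack` and `curriculum_schedule` and all hyperparameters are illustrative assumptions, not the paper's actual code, which targets deep networks.

```python
import numpy as np

def pgd_attack(x, y, w, b, eps, steps, alpha=0.01):
    """Toy iterative (PGD-style) attack on a logistic-regression model.

    x: input vector, y: label in {0, 1}, (w, b): model parameters.
    `steps` is the attack strength; steps=0 returns the clean input,
    matching the first stage of the curriculum.
    """
    x_adv = x.astype(float).copy()
    for _ in range(steps):
        # Gradient of the logistic loss with respect to the input.
        z = x_adv @ w + b
        p = 1.0 / (1.0 + np.exp(-z))
        grad = (p - y) * w
        x_adv = x_adv + alpha * np.sign(grad)       # ascend the loss
        x_adv = np.clip(x_adv, x - eps, x + eps)    # project into the eps-ball
    return x_adv

def curriculum_schedule(max_strength, epochs_per_level):
    """Yield the attack strength for each epoch: 0, 0, ..., 1, 1, ..., max.

    Strength 0 corresponds to clean training; the model then faces
    progressively stronger attacks, one level at a time.
    """
    for k in range(max_strength + 1):
        for _ in range(epochs_per_level):
            yield k
```

A training loop would iterate over `curriculum_schedule(...)` and, at each epoch, generate training examples with `pgd_attack(..., steps=k)` before the usual gradient update. The paper's two additional techniques (mitigating catastrophic forgetting and generalization issues) are not shown here.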
Cite

Cai et al. "Curriculum Adversarial Training." International Joint Conference on Artificial Intelligence, 2018. doi:10.24963/IJCAI.2018/520
BibTeX
@inproceedings{cai2018ijcai-curriculum,
title = {{Curriculum Adversarial Training}},
author = {Cai, Qi-Zhi and Liu, Chang and Song, Dawn},
booktitle = {International Joint Conference on Artificial Intelligence},
year = {2018},
pages = {3740--3747},
doi = {10.24963/IJCAI.2018/520},
url = {https://mlanthology.org/ijcai/2018/cai2018ijcai-curriculum/}
}