A3T: Adversarially Augmented Adversarial Training
This work addresses the critical issue of adversarial robustness in deep learning models, which is essential for security-sensitive applications, but it appears incremental as it builds on existing adversarial training techniques.
The paper tackles the problem of deep neural networks' vulnerability to adversarial perturbations by proposing a method that enforces representation invariance through joint training with a discriminator to filter adversarial noise, with preliminary experiments conducted to test its viability against standard adversarial training methods.
Recent research has shown that deep neural networks are highly sensitive to so-called adversarial perturbations: tiny perturbations of the input data purposely designed to fool a machine learning classifier. Most classification models, including deep learning models, are highly vulnerable to such adversarial attacks. In this work, we investigate a procedure to improve the adversarial robustness of deep neural networks by enforcing representation invariance. The idea is to train the classifier jointly with a discriminator attached to one of its hidden layers and trained to filter out the adversarial noise. We perform preliminary experiments to test the viability of the approach and to compare it to other standard adversarial training methods.