LG ML May 28, 2019

Improving the Robustness of Deep Neural Networks via Adversarial Training with Triplet Loss

arXiv:1905.11713v1, 39 citations
Originality: Incremental advance
AI Analysis

This work addresses security concerns in AI systems by enhancing defense against adversarial attacks, though it is incremental as it builds on existing adversarial training methods.

The paper tackles the vulnerability of deep neural networks to adversarial examples by incorporating triplet loss into adversarial training, resulting in improved robustness without sacrificing accuracy.

Recent studies have highlighted that deep neural networks (DNNs) are vulnerable to adversarial examples. In this paper, we improve the robustness of DNNs by utilizing techniques of Distance Metric Learning. Specifically, we incorporate Triplet Loss, one of the most popular Distance Metric Learning methods, into the framework of adversarial training. Our proposed algorithm, Adversarial Training with Triplet Loss (AT$^2$L), substitutes the adversarial example against the current model for the anchor of triplet loss to effectively smooth the classification boundary. Furthermore, we propose an ensemble version of AT$^2$L, which aggregates different attack methods and model structures for better defense effects. Our empirical studies verify that the proposed approach can significantly improve the robustness of DNNs without sacrificing accuracy. Finally, we demonstrate that our specially designed triplet loss can also be used as a regularization term to enhance other defense methods.
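The anchor substitution described in the abstract, as an added sketch that is not the paper's code: the triplet anchor is an adversarial example crafted against the current model instead of a clean sample. The toy linear model, the use of FGSM as the attack, the squared-Euclidean distance on logits, the clean same-class positive and other-class negative, and the names `at2l_style_loss`, `eps`, `margin` and `lam` are all assumptions made for illustration.

```python
import math

# Constructed toy model (assumption): identity weights, logits double as the embedding.
W = [[1.0, 0.0], [0.0, 1.0]]
B = [0.0, 0.0]

def embed(x):
    """Logits of the linear model, used here as the embedding for the metric loss."""
    return [sum(w * xi for w, xi in zip(row, x)) + b for row, b in zip(W, B)]

def softmax(z):
    m = max(z)
    e = [math.exp(v - m) for v in z]
    return [v / sum(e) for v in e]

def cross_entropy(x, label):
    return -math.log(softmax(embed(x))[label])

def fgsm(x, label, eps):
    """One-step adversarial example against the current model (FGSM is an assumed attack)."""
    p = softmax(embed(x))
    dz = [pi - (1.0 if k == label else 0.0) for k, pi in enumerate(p)]  # dCE/dlogits
    dx = [sum(W[k][j] * dz[k] for k in range(len(dz))) for j in range(len(x))]  # W^T dz
    return [xj + eps * ((g > 0) - (g < 0)) for xj, g in zip(x, dx)]

def sq_dist(u, v):
    return sum((a - b) ** 2 for a, b in zip(u, v))

def triplet_loss(anchor, positive, negative, margin):
    """Hinge on d(anchor, positive) - d(anchor, negative) + margin in embedding space."""
    a, p, n = embed(anchor), embed(positive), embed(negative)
    return max(0.0, sq_dist(a, p) - sq_dist(a, n) + margin)

def at2l_style_loss(x, label, positive, negative, eps=0.3, margin=1.0, lam=1.0):
    """Hypothetical combined objective: CE on the adversarial point plus a triplet
    term whose anchor is that same adversarial point."""
    x_adv = fgsm(x, label, eps)
    return cross_entropy(x_adv, label) + lam * triplet_loss(x_adv, positive, negative, margin)

# Constructed samples: X and POS are class 0, NEG is class 1.
X, Y = [1.0, 0.0], 0
POS, NEG = [1.2, 0.1], [0.0, 1.0]

if __name__ == "__main__":
    print("clean anchor triplet:", triplet_loss(X, POS, NEG, 1.0))
    print("adversarial anchor triplet:", triplet_loss(fgsm(X, Y, 0.3), POS, NEG, 1.0))
    print("combined loss:", at2l_style_loss(X, Y, POS, NEG))
```

On this constructed data the clean anchor already satisfies the margin, so its triplet term is zero, while the adversarial anchor sits closer to the other class and produces a nonzero term for training to reduce.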
