Understanding Adversarial Robustness Through Loss Landscape Geometries
This work addresses a fundamental problem in deep learning by questioning the link between loss landscape flatness and generalization for adversarial training, which is incremental as it builds on prior visualization techniques.
The paper investigates whether adversarial training data augmentation leads to flatter loss landscapes, a common belief for better generalization, and finds that it does not, challenging existing assumptions about adversarial robustness and loss geometry relationships.
The pursuit of explaining and improving generalization in deep learning has elicited efforts both in regularization techniques as well as visualization techniques of the loss surface geometry. The latter is related to the intuition prevalent in the community that flatter local optima leads to lower generalization error. In this paper, we harness the state-of-the-art "filter normalization" technique of loss-surface visualization to qualitatively understand the consequences of using adversarial training data augmentation as the explicit regularization technique of choice. Much to our surprise, we discover that this oft deployed adversarial augmentation technique does not actually result in "flatter" loss-landscapes, which requires rethinking adversarial training generalization, and the relationship between generalization and loss landscapes geometries.