Defense Against Adversarial Attacks Using Feature Scattering-based Adversarial Training
This work addresses adversarial vulnerability in machine learning models by changing how the attacks used during adversarial training are generated, rather than by changing the training loop itself.
The paper tackles the problem of improving model robustness against adversarial attacks by introducing a feature scattering-based adversarial training approach that avoids label leaking and accounts for inter-sample relationships, reporting competitive results on several datasets.
We introduce a feature scattering-based adversarial training approach for improving model robustness against adversarial attacks. Conventional adversarial training approaches generate the attacks used for training with a supervised scheme (either targeted or non-targeted), which, as noted in recent work, typically suffers from issues such as label leaking. In contrast, the proposed approach generates adversarial images for training through feature scattering in the latent space, which is unsupervised in nature and therefore avoids label leaking. More importantly, the new approach generates the perturbed images in a collaborative fashion, taking the inter-sample relationships into consideration. We analyze model robustness and demonstrate the effectiveness of the proposed approach through extensive experiments on different datasets, compared with state-of-the-art approaches.
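The two properties the abstract contrasts, label-dependent per-sample attack generation versus unsupervised, batch-coupled feature scattering, can be made concrete with a small numerical example. The code below is an added illustration, not the paper's code: it assumes a hypothetical toy model (4-d inputs, a tanh feature extractor, a linear head), uses a batch-level optimal-transport distance between clean and perturbed feature sets as the scattering objective (approximated with entropic Sinkhorn iterations), and takes the gradient with the transport plan held fixed at each step. The supervised path needs the labels `y`; the scattering path never sees them, and its gradient for one sample changes when the other samples in the batch change.

```python
"""Toy contrast between label-driven attack generation and feature scattering.

Added example with a hypothetical model; not code from the paper. The OT
distance, the Sinkhorn approximation, the fixed-plan gradient and all sizes
are assumptions made for this illustration.
"""
import numpy as np

D_IN, D_FEAT, N_CLASS = 4, 3, 2                  # hypothetical tiny model sizes
weights_rng = np.random.default_rng(0)
W = weights_rng.normal(size=(D_FEAT, D_IN))      # feature extractor weights
V = weights_rng.normal(size=(N_CLASS, D_FEAT))   # linear classifier head


def features(x):
    """Latent features z = tanh(W x) for a batch x of shape (n, D_IN)."""
    return np.tanh(x @ W.T)


def softmax(logits):
    e = np.exp(logits - logits.max(axis=1, keepdims=True))
    return e / e.sum(axis=1, keepdims=True)


def supervised_grad(x_adv, y):
    """Input gradient of the cross-entropy loss (non-targeted supervised attack).
    The label y sits inside the objective and every sample is handled on its own."""
    z = features(x_adv)
    p = softmax(z @ V.T)
    p[np.arange(len(y)), y] -= 1.0               # dL/dlogits for cross-entropy
    dz = p @ V                                   # back through the linear head
    return (dz * (1.0 - z ** 2)) @ W             # back through tanh and W


def sinkhorn_plan(cost, reg=1.0, iters=200):
    """Entropic-OT coupling between two uniform point clouds (Sinkhorn iterations)."""
    n, m = cost.shape
    K = np.exp(-cost / reg)
    a, b = np.full(n, 1.0 / n), np.full(m, 1.0 / m)
    u = np.ones(n)
    for _ in range(iters):
        v = b / (K.T @ u)
        u = a / (K @ v)
    return u[:, None] * K * v[None, :]


def scatter_grad(x_clean, x_adv):
    """Gradient of the batch-level OT distance between clean and perturbed
    feature sets w.r.t. the perturbed inputs, plus the transport cost itself.
    No labels appear, and the coupling P ties each perturbed sample to the
    whole clean batch, which is what makes the perturbations collaborative."""
    z, z_adv = features(x_clean), features(x_adv)
    cost = ((z[:, None, :] - z_adv[None, :, :]) ** 2).sum(-1)   # squared L2, (n, n)
    P = sinkhorn_plan(cost)
    # Holding P fixed: d/dz_adv_j of sum_ij P_ij ||z_i - z_adv_j||^2
    #   = 2 * (sum_i P_ij) * z_adv_j - 2 * sum_i P_ij * z_i
    dz_adv = 2.0 * (P.sum(axis=0)[:, None] * z_adv - P.T @ z)
    dx_adv = (dz_adv * (1.0 - z_adv ** 2)) @ W
    return dx_adv, float((P * cost).sum())


def ascend(x, grad_fn, eps, steps, alpha):
    """L-inf projected sign-gradient ascent, started from the clean batch."""
    x_adv = x.copy()
    for _ in range(steps):
        x_adv = x_adv + alpha * np.sign(grad_fn(x_adv))
        x_adv = np.clip(x_adv, x - eps, x + eps)
    return x_adv


def supervised_attack(x, y, eps=0.3, steps=10, alpha=0.05):
    return ascend(x, lambda xa: supervised_grad(xa, y), eps, steps, alpha)


def feature_scattering_attack(x, eps=0.3, steps=10, alpha=0.05):
    return ascend(x, lambda xa: scatter_grad(x, xa)[0], eps, steps, alpha)


def demo():
    rng = np.random.default_rng(1)
    x = rng.normal(size=(6, D_IN))               # constructed toy batch
    y = rng.integers(0, N_CLASS, size=6)         # constructed labels; only the supervised path reads them
    x_other = np.vstack([x[:1], rng.normal(size=(5, D_IN))])   # same sample 0, different batch mates
    # Supervised: sample 0's gradient is identical with or without the rest of the batch.
    per_sample = np.allclose(supervised_grad(x, y)[0], supervised_grad(x[:1], y[:1])[0])
    # Feature scattering: sample 0's gradient changes when its batch mates change.
    batch_dependent = not np.allclose(scatter_grad(x, x)[0][0], scatter_grad(x_other, x_other)[0][0])
    x_fs = feature_scattering_attack(x)
    return {
        "supervised_per_sample": bool(per_sample),
        "scatter_batch_dependent": bool(batch_dependent),
        "ot_clean": scatter_grad(x, x)[1],
        "ot_after_scatter": scatter_grad(x, x_fs)[1],
        "max_abs_perturbation": float(np.abs(x_fs - x).max()),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two facts the abstract relies on: the supervised gradient for a sample is the same whether or not other samples are present (so the label is the only thing steering it), while the scattering gradient for the same sample differs once its batch mates change, and the transport cost between clean and perturbed features grows under the scattering ascent while every perturbation stays inside the L-inf budget.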