CAT: Customized Adversarial Training for Improved Robustness
This addresses robustness issues in neural networks for security-critical applications, but it is incremental as it builds on existing adversarial training techniques.
The paper tackles the problem of adversarial training's poor generalization on clean and perturbed data by proposing CAT, which adaptively customizes perturbation levels and labels per sample, achieving better clean and robust accuracy than previous methods.
Adversarial training has become one of the most effective methods for improving robustness of neural networks. However, it often suffers from poor generalization on both clean and perturbed data. In this paper, we propose a new algorithm, named Customized Adversarial Training (CAT), which adaptively customizes the perturbation level and the corresponding label for each training sample in adversarial training. We show that the proposed algorithm achieves better clean and robust accuracy than previous adversarial training methods through extensive experiments.