SOAR: Second-Order Adversarial Regularization
This work addresses the challenge of making neural networks more resilient to adversarial attacks, which is critical for security-sensitive applications, but it appears incremental as it builds on existing robust optimization frameworks.
The paper tackles the problem of improving adversarial robustness in deep neural networks by proposing a second-order adversarial regularizer (SOAR) as an alternative to adversarial training, and reports significant robustness improvements against ℓ∞- and ℓ2-bounded perturbations on the CIFAR-10 and SVHN datasets.
Adversarial training is a common approach to improving the robustness of deep neural networks against adversarial examples. In this work, we propose a novel regularization approach as an alternative. To derive the regularizer, we formulate the adversarial robustness problem under the robust optimization framework and approximate the loss function using a second-order Taylor series expansion. Our proposed second-order adversarial regularizer (SOAR) is an upper bound based on the Taylor approximation of the inner-max in the robust optimization objective. We empirically show that the proposed method significantly improves the robustness of networks against the $\ell_\infty$ and $\ell_2$ bounded perturbations generated using cross-entropy-based PGD on CIFAR-10 and SVHN.
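To make the abstract's central idea concrete, the added example below (not code from the paper, and not the SOAR regularizer itself, whose exact form this page does not give) bounds the second-order Taylor approximation of the inner max over an $\ell_2$ ball using the generic inequality $\ell(x) + \epsilon\|g\|_2 + \tfrac{\epsilon^2}{2}\max(\lambda_{\max}(H), 0)$, then compares it with a brute-force search. The toy quadratic classifier, its weights, and all function names are assumptions made for illustration.

```python
import math

# Constructed toy model (assumption, not from the paper): logistic loss on margin m(x) = w.x + 0.5 x^T A x
W = (1.5, -2.0)
A = ((0.8, 0.3), (0.3, -0.5))

def margin(x):
    m = W[0]*x[0] + W[1]*x[1] + 0.5*sum(A[i][j]*x[i]*x[j] for i in (0, 1) for j in (0, 1))
    gm = tuple(W[i] + A[i][0]*x[0] + A[i][1]*x[1] for i in (0, 1))  # gradient of m
    return m, gm

def loss(x):
    return math.log1p(math.exp(-margin(x)[0]))

def grad_hess(x):  # analytic input-gradient g and input-Hessian H of the loss at x
    m, gm = margin(x)
    s = 1.0 / (1.0 + math.exp(m))              # dl/dm = -s, d2l/dm2 = s(1-s)
    g = tuple(-s*gm[i] for i in (0, 1))
    H = [[s*(1 - s)*gm[i]*gm[j] - s*A[i][j] for j in (0, 1)] for i in (0, 1)]
    return g, H

def taylor(x, d):  # second-order Taylor approximation of loss(x + d)
    g, H = grad_hess(x)
    quad = sum(H[i][j]*d[i]*d[j] for i in (0, 1) for j in (0, 1))
    return loss(x) + g[0]*d[0] + g[1]*d[1] + 0.5*quad

def second_order_bound(x, eps):
    """loss + eps*||g||_2 + (eps^2/2)*max(lambda_max(H), 0): bounds taylor() on the l2 ball."""
    g, H = grad_hess(x)
    tr, det = H[0][0] + H[1][1], H[0][0]*H[1][1] - H[0][1]*H[1][0]
    lam_max = tr/2 + math.sqrt(max(tr*tr/4 - det, 0.0))   # symmetric 2x2, closed form
    return loss(x) + eps*math.hypot(g[0], g[1]) + 0.5*eps*eps*max(lam_max, 0.0)

def ball_max(fn, eps, n_r=20, n_t=360):
    """Brute-force max of fn(delta) over a polar grid covering ||delta||_2 <= eps."""
    best = fn((0.0, 0.0))
    for k in range(1, n_r + 1):
        for t in range(n_t):
            a, r = 2*math.pi*t/n_t, eps*k/n_r
            best = max(best, fn((r*math.cos(a), r*math.sin(a))))
    return best

def compare(x=(0.5, 0.5), eps=0.1):
    true_max = ball_max(lambda d: loss((x[0] + d[0], x[1] + d[1])), eps)
    taylor_max = ball_max(lambda d: taylor(x, d), eps)
    return loss(x), true_max, taylor_max, second_order_bound(x, eps)

if __name__ == "__main__":
    print("clean loss, true inner max, Taylor inner max, bound:", compare())
```

The bound is guaranteed only for the Taylor model; against the true loss it holds up to the third-order remainder, which is why it is checked here at a small $\epsilon$.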