Towards Speeding up Adversarial Training in Latent Spaces
This addresses the time-consuming nature of adversarial training for machine learning practitioners, offering a more efficient defense against adversarial attacks, though it appears incremental as it builds on existing adversarial training concepts.
The paper tackles the problem of slow adversarial training by proposing a method that generates adversarial examples in latent spaces instead of input spaces, avoiding gradient calculations. Results on CIFAR-10 and ImageNet show it speeds up training, enhances robustness, and reduces accuracy impact on clean examples compared to state-of-the-art methods.
Adversarial training is wildly considered as one of the most effective way to defend against adversarial examples. However, existing adversarial training methods consume unbearable time, due to the fact that they need to generate adversarial examples in the large input space. To speed up adversarial training, we propose a novel adversarial training method that does not need to generate real adversarial examples. By adding perturbations to logits to generate Endogenous Adversarial Examples (EAEs) -- the adversarial examples in the latent space, the time consuming gradient calculation can be avoided. Extensive experiments are conducted on CIFAR-10 and ImageNet, and the results show that comparing to state-of-the-art methods, our EAE adversarial training not only shortens the training time, but also enhances the robustness of the model and has less impact on the accuracy of clean examples than the existing methods.