Adaptive Feature Alignment for Adversarial Training
This addresses security concerns in AI applications by enhancing adversarial defense, though it is incremental as it builds on existing feature alignment and dual-BN methods.
The paper tackles the vulnerability of CNNs to adversarial attacks and the trade-off between robustness and standard accuracy by proposing adaptive feature alignment (AFA), which generates features for arbitrary attacking strengths using a dual-BN architecture, resulting in improved robustness without significant accuracy loss across multiple datasets.
Recent studies reveal that Convolutional Neural Networks (CNNs) are typically vulnerable to adversarial attacks, which pose a threat to security-sensitive applications. Many adversarial defense methods improve robustness at the cost of accuracy, raising the contradiction between standard and adversarial accuracies. In this paper, we observe an interesting phenomenon that feature statistics change monotonically and smoothly w.r.t the rising of attacking strength. Based on this observation, we propose the adaptive feature alignment (AFA) to generate features of arbitrary attacking strengths. Our method is trained to automatically align features of arbitrary attacking strength. This is done by predicting a fusing weight in a dual-BN architecture. Unlike previous works that need to either retrain the model or manually tune a hyper-parameters for different attacking strengths, our method can deal with arbitrary attacking strengths with a single model without introducing any hyper-parameter. Importantly, our method improves the model robustness against adversarial samples without incurring much loss in standard accuracy. Experiments on CIFAR-10, SVHN, and tiny-ImageNet datasets demonstrate that our method outperforms the state-of-the-art under a wide range of attacking strengths.