Adaptive perturbation adversarial training: based on reinforcement learning
This work addresses a specific issue in adversarial defense for machine learning models, offering an incremental improvement to existing methods.
The paper tackles the problem of adversarial training reducing accuracy on normal samples by proposing adaptive perturbation adversarial training using marginal adversarial samples, and introduces a reinforcement learning-based method to find these samples, which speeds up training and reduces costs.
Adversarial training has become the primary method to defend against adversarial samples. However, it is hard to practically apply due to many shortcomings. One of the shortcomings of adversarial training is that it will reduce the recognition accuracy of normal samples. Adaptive perturbation adversarial training is proposed to alleviate this problem. It uses marginal adversarial samples that are close to the decision boundary but does not cross the decision boundary for adversarial training, which improves the accuracy of model recognition while maintaining the robustness of the model. However, searching for marginal adversarial samples brings additional computational costs. This paper proposes a method for finding marginal adversarial samples based on reinforcement learning, and combines it with the latest fast adversarial training technology, which effectively speeds up training process and reduces training costs.