LG · Sep 6, 2021

Automated Robustness with Adversarial Training as a Post-Processing Step

arXiv:2109.02532v1
Originality: Incremental advance
AI Analysis

This work addresses the challenge of automating adversarial robustness for practitioners, but it is incremental as it builds on existing methods like neural architecture search and adversarial training.

The paper tackles the computational expense of adversarial training by proposing a fully automated pipeline that applies adversarial training as a post-processing step to optimized neural architectures from a search algorithm, achieving robust models across 20 classification tasks.

Adversarial training is a computationally expensive task and hence searching for neural network architectures with robustness as the criterion can be challenging. As a step towards practical automation, this work explores the efficacy of a simple post-processing step in yielding robust deep learning models. To achieve this, we adopt adversarial training as a post-processing step for optimised network architectures obtained from a neural architecture search algorithm. Specific policies are adopted for tuning the hyperparameters of the different steps, resulting in a fully automated pipeline for generating adversarially robust deep learning models. We evidence the usefulness of the proposed pipeline with extensive experimentation across 11 image classification and 9 text classification tasks.
