LG, Sep 7, 2021

Adversarial Parameter Defense by Multi-Step Risk Minimization

arXiv:2109.02889v2, 7 citations
Originality: Incremental advance
AI Analysis

This work addresses model robustness for AI systems, but it is incremental as it builds on existing adversarial training concepts.

The paper tackles the vulnerability of deep neural networks to parameter corruptions by proposing an adversarial parameter defense algorithm that minimizes the average risk of multiple adversarial parameter corruptions, resulting in improved parameter robustness and accuracy.

Previous studies demonstrate DNNs' vulnerability to adversarial examples, and adversarial training can establish a defense against adversarial examples. In addition, recent studies show that deep neural networks also exhibit vulnerability to parameter corruptions. The vulnerability of model parameters is of crucial value to the study of model robustness and generalization. In this work, we introduce the concept of parameter corruption and propose to leverage the loss change indicators for measuring the flatness of the loss basin and the parameter robustness of neural network parameters. On this basis, we analyze parameter corruptions and propose the multi-step adversarial corruption algorithm. To enhance neural networks, we propose the adversarial parameter defense algorithm that minimizes the average risk of multiple adversarial parameter corruptions. Experimental results show that the proposed algorithm can improve both the parameter robustness and accuracy of neural networks.
