Modeling Adversarial Noise for Adversarial Training
This work addresses adversarial robustness for deep learning models, but it appears incremental as it builds on existing adversarial training methods.
The paper tackles the vulnerability of deep neural networks to adversarial noise by modeling the transition relationship between adversarial and natural labels using an instance-dependent transition matrix, which improves adversarial accuracy.
Deep neural networks have been demonstrated to be vulnerable to adversarial noise, promoting the development of defense against adversarial attacks. Motivated by the fact that adversarial noise contains well-generalizing features and that the relationship between adversarial data and natural data can help infer natural data and make reliable predictions, in this paper, we study to model adversarial noise by learning the transition relationship between adversarial labels (i.e. the flipped labels used to generate adversarial data) and natural labels (i.e. the ground truth labels of the natural data). Specifically, we introduce an instance-dependent transition matrix to relate adversarial labels and natural labels, which can be seamlessly embedded with the target model (enabling us to model stronger adaptive adversarial noise). Empirical evaluations demonstrate that our method could effectively improve adversarial accuracy.