Adversarial Fine-tune with Dynamically Regulated Adversary
This work addresses a critical problem for real-world applications like health diagnosis and autonomous surgical robotics, where standard performance is prioritized over robustness, offering an incremental improvement over existing adversarial training methods.
The paper tackles the trade-off between model robustness to adversarial attacks and standard performance on clean data, proposing a transfer learning-based adversarial training strategy that disentangles negative effects and a training-friendly attack algorithm, achieving improved robustness while preserving standard performance.
Adversarial training is an effective method to boost model robustness to malicious, adversarial attacks. However, such improvement in model robustness often leads to a significant sacrifice of standard performance on clean images. In many real-world applications such as health diagnosis and autonomous surgical robotics, the standard performance is more valued over model robustness against such extremely malicious attacks. This leads to the question: To what extent we can boost model robustness without sacrificing standard performance? This work tackles this problem and proposes a simple yet effective transfer learning-based adversarial training strategy that disentangles the negative effects of adversarial samples on model's standard performance. In addition, we introduce a training-friendly adversarial attack algorithm, which facilitates the boost of adversarial robustness without introducing significant training complexity. Extensive experimentation indicates that the proposed method outperforms previous adversarial training algorithms towards the target: to improve model robustness while preserving model's standard performance on clean data.