Adversarial Ensemble Training by Jointly Learning Label Dependencies and Member Models
This work addresses adversarial robustness for image recognition systems, offering an incremental improvement by incorporating label dependencies into ensemble training.
The paper tackles the problem of improving adversarial robustness in deep neural networks by proposing an ensemble training approach that jointly learns label dependencies and member models, achieving superior robustness against black-box attacks on datasets like MNIST, FashionMNIST, and CIFAR-10 compared to state-of-the-art methods.
Training an ensemble of diverse sub-models has been empirically demonstrated as an effective strategy for improving the adversarial robustness of deep neural networks. However, current ensemble training methods for image recognition typically encode image labels using one-hot vectors, which overlook dependency relationships between the labels. In this paper, we propose a novel adversarial en-semble training approach that jointly learns the label dependencies and member models. Our approach adaptively exploits the learned label dependencies to pro-mote diversity among the member models. We evaluate our approach on widely used datasets including MNIST, FashionMNIST, and CIFAR-10, and show that it achieves superior robustness against black-box attacks compared to state-of-the-art methods. Our code is available at https://github.com/ZJLAB-AMMI/LSD.