Adversarial training with informed data selection
This work addresses the challenge of improving adversarial robustness in critical applications like healthcare and finance, but it is incremental as it builds on existing adversarial training methods.
The paper tackles the problem of adversarial training for deep neural networks, which typically reduces clean accuracy and increases computational cost, by proposing a data selection strategy based on cross-entropy loss to select relevant samples in mini-batch training, resulting in a good compromise between robustness and standard accuracy while reducing computational complexity.
With the increasing amount of available data and advances in computing capabilities, deep neural networks (DNNs) have been successfully employed to solve challenging tasks in various areas, including healthcare, climate, and finance. Nevertheless, state-of-the-art DNNs are susceptible to quasi-imperceptible perturbed versions of the original images -- adversarial examples. These perturbations of the network input can lead to disastrous implications in critical areas where wrong decisions can directly affect human lives. Adversarial training is the most efficient solution to defend the network against these malicious attacks. However, adversarial trained networks generally come with lower clean accuracy and higher computational complexity. This work proposes a data selection (DS) strategy to be applied in the mini-batch training. Based on the cross-entropy loss, the most relevant samples in the batch are selected to update the model parameters in the backpropagation. The simulation results show that a good compromise can be obtained regarding robustness and standard accuracy, whereas the computational complexity of the backpropagation pass is reduced.