CV · Feb 17, 2023

Adversarial Contrastive Distillation with Adaptive Denoising

arXiv:2302.08764v2 · 24 citations · h-index: 46
Originality: Highly original
AI Analysis

This work improves adversarial robustness for small models, which is an incremental advancement in machine learning security.

The paper tackles adversarial robustness distillation (ARD) by addressing two weaknesses of earlier methods: an unstable teacher whose incorrect predictions mislead the student, and one-to-one imitation that ignores the relationships between examples. It proposes CRDND, which transfers robust knowledge efficiently and reaches state-of-the-art performance on multiple attack benchmarks.

Adversarial Robustness Distillation (ARD) is a novel method to boost the robustness of small models. Unlike general adversarial training, its robust knowledge transfer can be less easily restricted by the model capacity. However, the teacher model that provides the robust knowledge does not always make correct predictions, interfering with the student's robust performance. Besides, in the previous ARD methods, the robustness comes entirely from one-to-one imitation, ignoring the relationship between examples. To this end, we propose a novel structured ARD method called Contrastive Relationship DeNoise Distillation (CRDND). We design an adaptive compensation module to model the instability of the teacher. Moreover, we utilize the contrastive relationship to explore implicit robustness knowledge among multiple examples. Experimental results on multiple attack benchmarks show that CRDND can transfer robust knowledge efficiently and achieves state-of-the-art performance.
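To make the two failure modes in the abstract concrete (a wrong teacher being imitated one-to-one, and imitation that ignores how examples relate to each other), here is an added, self-contained numpy illustration of the loss components involved. It is not code from the CRDND paper and does not implement its modules: the teacher and student are softmax-linear classifiers so FGSM gradients are closed-form, the batch and teacher logits are constructed by hand, and the `compensated_targets` blending rule and the cosine-similarity `relation_loss` are hypothetical simplified stand-ins for the paper's adaptive compensation and contrastive relationship terms.

```python
"""Toy adversarial robustness distillation (ARD) loss components in numpy.

Added example, not the CRDND authors' code. The compensation rule and the
relation loss are hypothetical simplifications, NOT the paper's definitions.
"""
import numpy as np

def softmax(z, axis=-1):
    z = z - z.max(axis=axis, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=axis, keepdims=True)

def cross_entropy(logits, y):
    p = softmax(logits)
    return float(-np.mean(np.log(p[np.arange(len(y)), y] + 1e-12)))

def fgsm_linear(W, b, x, y, eps):
    """FGSM against a softmax-linear model (logits = x @ W.T + b).
    For cross-entropy, dL/dx = (p - onehot) @ W, so no autograd is needed.
    Inputs are assumed to live in [0, 1] and are clipped back into that box."""
    p = softmax(x @ W.T + b)
    onehot = np.eye(W.shape[0])[y]
    grad = (p - onehot) @ W
    return np.clip(x + eps * np.sign(grad), 0.0, 1.0)

def kl_div(target, logits, temp=1.0):
    """KL(target || softmax(logits / temp)), averaged over the batch."""
    q = softmax(logits / temp)
    return float(np.mean(np.sum(target * (np.log(target + 1e-12) - np.log(q + 1e-12)), axis=1)))

def teacher_targets(teacher_logits, temp=1.0):
    """Plain one-to-one ARD target: the teacher's soft labels, right or wrong."""
    return softmax(teacher_logits / temp)

def compensated_targets(teacher_logits, y, temp=1.0):
    """Hypothetical compensation rule (not the paper's module): blend the
    teacher's soft labels toward the ground-truth one-hot vector, weighted by
    the probability the teacher itself assigns to the true class. A confident,
    correct teacher is followed; a teacher that mispredicts is mostly overridden."""
    soft = softmax(teacher_logits / temp)
    onehot = np.eye(teacher_logits.shape[1])[y]
    alpha = soft[np.arange(len(y)), y][:, None]
    return alpha * soft + (1.0 - alpha) * onehot

def relation_matrix(feats):
    """Cosine similarity between every pair of examples in a batch (N x N)."""
    f = feats / (np.linalg.norm(feats, axis=1, keepdims=True) + 1e-12)
    return f @ f.T

def relation_loss(student_feats, teacher_feats):
    """Structured term: match the student's example-to-example similarities to
    the teacher's (off-diagonal only). This transfers how examples relate to
    one another, which per-example imitation alone never sees."""
    ds, dt = relation_matrix(student_feats), relation_matrix(teacher_feats)
    mask = ~np.eye(len(ds), dtype=bool)
    return float(np.mean((ds[mask] - dt[mask]) ** 2))

# Constructed toy batch: 3 examples, 4 features in [0, 1], 3 classes.
X = np.array([[0.9, 0.1, 0.2, 0.0],
              [0.1, 0.8, 0.3, 0.1],
              [0.7, 0.2, 0.1, 0.9]])
Y = np.array([0, 1, 0])
# Constructed teacher outputs: confidently right on examples 0 and 1,
# wrong on example 2 (argmax is class 2, label is class 0).
TEACHER_LOGITS = np.array([[4.0, 1.0, 0.0],
                           [0.0, 3.0, 1.0],
                           [1.0, 0.0, 2.0]])
STUDENT_W = np.array([[1.0, -1.0, 0.0, 0.0],
                      [-1.0, 1.0, 0.0, 0.0],
                      [0.0, 0.0, 0.5, 0.5]])
STUDENT_B = np.zeros(3)
EPS = 8 / 255  # common L-inf budget for [0, 1]-scaled images

def demo():
    """Craft adversarial inputs against the student, then compare the plain
    and compensated distillation losses on them."""
    x_adv = fgsm_linear(STUDENT_W, STUDENT_B, X, Y, EPS)
    clean_logits = X @ STUDENT_W.T + STUDENT_B
    adv_logits = x_adv @ STUDENT_W.T + STUDENT_B
    return {
        "clean_ce": cross_entropy(clean_logits, Y),
        "adv_ce": cross_entropy(adv_logits, Y),
        "plain_ard": kl_div(teacher_targets(TEACHER_LOGITS), adv_logits),
        "compensated_ard": kl_div(compensated_targets(TEACHER_LOGITS, Y), adv_logits),
        "relation": relation_loss(adv_logits, TEACHER_LOGITS),
        "max_perturbation": float(np.abs(x_adv - X).max()),
        "in_range": bool(((x_adv >= 0.0) & (x_adv <= 1.0)).all()),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point to observe is `teacher_targets` versus `compensated_targets` on example 2: plain one-to-one imitation hands the student a target whose argmax is the wrong class, while the compensated target puts most of its mass back on the label. Because the student is linear, FGSM here is exact in the sense that the adversarial cross-entropy is never below the clean one, which the test checks; for a real network this is only a first-order approximation.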

Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.
