Improving Adversarial Robustness with Hypersphere Embedding and Angular-based Regularizations
This work addresses the problem of making neural networks more robust to adversarial attacks for security-critical applications, but it is incremental as it builds on existing adversarial training and hypersphere embedding methods.
The paper tackles the problem of improving adversarial robustness in deep neural networks by proposing angular-AT, which integrates hypersphere embedding into adversarial training with angular-based regularizations to enhance weight-feature compactness and inter-class separation. The result is a further improvement in adversarial robustness, as shown in experimental results.
Adversarial training (AT) methods have been found to be effective against adversarial attacks on deep neural networks. Many variants of AT have been proposed to improve its performance. Pang et al. [1] have recently shown that incorporating hypersphere embedding (HE) into the existing AT procedures enhances robustness. We observe that the existing AT procedures are not designed for the HE framework, and thus fail to adequately learn the angular discriminative information available in the HE framework. In this paper, we propose integrating HE into AT with regularization terms that exploit the rich angular information available in the HE framework. Specifically, our method, termed angular-AT, adds regularization terms to AT that explicitly enforce weight-feature compactness and inter-class separation; all expressed in terms of angular features. Experimental results show that angular-AT further improves adversarial robustness.