CAT:Collaborative Adversarial Training
This addresses the challenge of enhancing model robustness against adversarial attacks for machine learning practitioners, though it is incremental by building on existing adversarial training methods.
The paper tackles the problem of improving adversarial robustness in neural networks by proposing a collaborative adversarial training framework that leverages multiple training strategies, achieving state-of-the-art robustness on CIFAR-10 under the Auto-Attack benchmark without additional data.
Adversarial training can improve the robustness of neural networks. Previous methods focus on a single adversarial training strategy and do not consider the model property trained by different strategies. By revisiting the previous methods, we find different adversarial training methods have distinct robustness for sample instances. For example, a sample instance can be correctly classified by a model trained using standard adversarial training (AT) but not by a model trained using TRADES, and vice versa. Based on this observation, we propose a collaborative adversarial training framework to improve the robustness of neural networks. Specifically, we use different adversarial training methods to train robust models and let models interact with their knowledge during the training process. Collaborative Adversarial Training (CAT) can improve both robustness and accuracy. Extensive experiments on various networks and datasets validate the effectiveness of our method. CAT achieves state-of-the-art adversarial robustness without using any additional data on CIFAR-10 under the Auto-Attack benchmark. Code is available at https://github.com/liuxingbin/CAT.