LGAISP | Jul 12, 2024

Deep Adversarial Defense Against Multilevel-Lp Attacks

arXiv:2407.09251v1 | 2 citations | h-index: 2
Originality: Incremental advance
AI Analysis

This work addresses the need for more robust defenses against sophisticated adversarial attacks in deep learning, though it appears incremental as it builds on existing adversarial training techniques.

This paper tackles the vulnerability of deep learning models to several kinds of adversarial attack at once. It introduces the Efficient Robust Mode Connectivity (EMRC) method, which blends an ℓ1-adversarially trained model with an ℓ∞-adversarially trained one to improve resilience across ℓp-norm attacks, and reports better robustness than existing defenses such as AT-ℓ∞, E-AT, and MSD on CIFAR-10 and CIFAR-100.

Deep learning models have shown considerable vulnerability to adversarial attacks, particularly as attacker strategies become more sophisticated. While traditional adversarial training (AT) techniques offer some resilience, they often focus on defending against a single type of attack, e.g., the $\ell_\infty$-norm attack, which can fail for other types. This paper introduces a computationally efficient multilevel $\ell_p$ defense, called the Efficient Robust Mode Connectivity (EMRC) method, which aims to enhance a deep learning model's resilience against multiple $\ell_p$-norm attacks. Similar to analytical continuation approaches used in continuous optimization, the method blends two $p$-specific adversarially optimal models, the $\ell_1$- and $\ell_\infty$-norm AT solutions, to provide good adversarial robustness for a range of $p$. We present experiments demonstrating that our approach performs better on various attacks as compared to AT-$\ell_\infty$, E-AT, and MSD, for datasets/architectures including: CIFAR-10, CIFAR-100 / PreResNet110, WideResNet, ViT-Base.
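The abstract describes two ingredients: evaluating a model against several ℓp threat models at once, and blending two p-specific adversarially trained solutions into one model that is robust across p. The following is an added, self-contained Python illustration of both ideas, written for this page; it is not the paper's code and it does not implement EMRC. It assumes a linear classifier rather than a network (so the worst-case ℓp perturbation has a closed form through the dual norm), a straight-line interpolation in weight space as a stand-in for the low-loss path a mode-connectivity method would find, constructed four-feature toy data, and per-norm attack budgets chosen for that data; `dual_norm`, `lp_attack`, `adversarial_train`, `blend` and `robustness_sweep` are names introduced here.

```python
import math

# Constructed toy data (4 features, labels in {-1, +1}); negatives mirror positives so b stays ~0.
# Feature 0 is the single strongest feature; features 1-3 are weaker but informative together.
POS = [(1.0, 0.5, 0.7, 0.6), (1.2, 0.7, 0.4, 0.5), (0.8, 0.6, 0.6, 0.7), (1.1, 0.4, 0.5, 0.8)]
DATA = [(x, 1) for x in POS] + [(tuple(-v for v in x), -1) for x in POS]

# Assumed per-norm budgets for this toy; pixel-space budgets (e.g. 8/255 for l_inf) differ.
BUDGETS = {1: 1.0, 2: 0.6, math.inf: 0.3}

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def sgn(v):
    return (v > 0) - (v < 0)

def dual_norm(w, p):
    """||w||_q with 1/p + 1/q = 1: margin lost per unit of l_p attack budget on a linear model."""
    if p == 1:
        return max(abs(v) for v in w)
    if p == 2:
        return math.sqrt(dot(w, w))
    if p == math.inf:
        return sum(abs(v) for v in w)
    raise ValueError("p must be 1, 2 or math.inf")

def dual_direction(w, p):
    """A subgradient of ||w||_q: the direction an l_p-bounded attacker spends its budget on."""
    if p == 1:                       # whole budget on the coordinate with the largest |w_i|
        i = max(range(len(w)), key=lambda j: abs(w[j]))
        return [float(sgn(w[j])) if j == i else 0.0 for j in range(len(w))]
    if p == 2:                       # spread the budget along w
        n = dual_norm(w, 2) or 1.0
        return [v / n for v in w]
    return [float(sgn(v)) for v in w]   # l_inf: push every coordinate to its bound

def worst_case_margin(w, b, x, y, eps, p):
    """min of y*(w.x' + b) over ||x' - x||_p <= eps; exact for a linear model (dual-norm bound)."""
    return y * (dot(w, x) + b) - eps * dual_norm(w, p)

def lp_attack(w, b, x, y, eps, p):
    """The point in the l_p ball that attains worst_case_margin (closed-form PGD for a linear model)."""
    return tuple(xi - y * eps * di for xi, di in zip(x, dual_direction(w, p)))

def robust_accuracy(w, b, eps, p, data=DATA):
    return sum(worst_case_margin(w, b, x, y, eps, p) > 0 for x, y in data) / len(data)

def adversarial_train(p, eps, data=DATA, lr=0.1, steps=3000):
    """AT against a single l_p threat: subgradient descent on the worst-case hinge loss
    mean(max(0, 1 - worst_case_margin)). Stops once no sample incurs loss."""
    w, b = [0.1] * len(data[0][0]), 0.0
    for _ in range(steps):
        gw, gb = [0.0] * len(w), 0.0
        for x, y in data:
            if 1.0 - worst_case_margin(w, b, x, y, eps, p) > 0:   # sample is still active
                d = dual_direction(w, p)
                gw = [g - y * xi + eps * di for g, xi, di in zip(gw, x, d)]
                gb -= y
        if not any(gw) and gb == 0:
            break
        w = [wi - lr * g / len(data) for wi, g in zip(w, gw)]
        b -= lr * gb / len(data)
    return w, b

def blend(model_a, model_b, t):
    """theta(t) = (1-t)*theta_a + t*theta_b: a straight line in weight space, used here as an
    assumed stand-in for the curved low-loss path a mode-connectivity method would find."""
    (wa, ba), (wb, bb) = model_a, model_b
    return [(1 - t) * u + t * v for u, v in zip(wa, wb)], (1 - t) * ba + t * bb

def robustness_sweep(model_a, model_b, ts=(0.0, 0.25, 0.5, 0.75, 1.0), budgets=BUDGETS):
    """Robust accuracy under each l_p threat at several points along the path."""
    rows = []
    for t in ts:
        w, b = blend(model_a, model_b, t)
        rows.append((t, {p: robust_accuracy(w, b, eps, p) for p, eps in budgets.items()}))
    return rows

if __name__ == "__main__":
    m1 = adversarial_train(1, BUDGETS[1])
    minf = adversarial_train(math.inf, BUDGETS[math.inf])
    print("l1-AT   w =", [round(v, 3) for v in m1[0]])
    print("linf-AT w =", [round(v, 3) for v in minf[0]])
    for t, acc in robustness_sweep(m1, minf):
        print(f"t={t:.2f}  " + "  ".join(f"l{p}: {a:.2f}" for p, a in acc.items()))
```

Two points carry over to the network setting. First, the ℓ1 attacker concentrates its budget on the largest weight while the ℓ∞ attacker spends it on every coordinate, which is why ℓ∞ adversarial training favours sparse weights, ℓ1 adversarial training favours spread-out weights, and a model trained for one threat can lose margin under the other. Second, evaluating the interpolated model at every t under every norm, rather than only at the two endpoints under their own norm, is the check that tells you whether a blend actually buys multi-norm robustness; for a non-linear model the exact worst case is replaced by PGD with the matching projection, and a straight line between two networks is not generally low-loss, which is the gap mode-connectivity methods address.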
