Revisiting Semi-supervised Adversarial Robustness via Noise-aware Online Robust Distillation
This work addresses the challenge of improving adversarial robustness in semi-supervised learning for computer vision tasks, offering a novel method that reduces labeling costs while maintaining high performance.
The paper tackles the problem of semi-supervised adversarial training by introducing SNORD, a framework that enhances pseudo labels and manages noisy data without relying on pretrained models, achieving state-of-the-art robust accuracy with very low labeling budgets, such as 90% relative robust accuracy under AutoAttack with less than 0.1% labels on CIFAR-10.
The robust self-training (RST) framework has emerged as a prominent approach for semi-supervised adversarial training. To explore the possibility of tackling more complicated tasks with even lower labeling budgets, unlike prior approaches that rely on robust pretrained models, we present SNORD - a simple yet effective framework that introduces contemporary semi-supervised learning techniques into the realm of adversarial training. By enhancing pseudo labels and managing noisy training data more effectively, SNORD showcases impressive, state-of-the-art performance across diverse datasets and labeling budgets, all without the need for pretrained models. Compared to full adversarial supervision, SNORD achieves a 90% relative robust accuracy under epsilon = 8/255 AutoAttack, requiring less than 0.1%, 2%, and 10% labels for CIFAR-10, CIFAR-100, and TinyImageNet-200, respectively. Additional experiments confirm the efficacy of each component and demonstrate the adaptability of integrating SNORD with existing adversarial pretraining strategies to further bolster robustness.