Self-Progressing Robust Training

Minhao Cheng; Pin Yu Chen; Sijia Liu; Shiyu Chang; Cho Jui Hsieh; Payel Das

Self-Progressing Robust Training

Minhao Cheng, Pin Yu Chen, Sijia Liu, Shiyu Chang, Cho Jui Hsieh, Payel Das

Research output: Chapter in Book/Conference Proceeding/Report › Conference Paper published in a book › peer-review

Abstract

Enhancing model robustness under new and even adversarial environments is a crucial milestone toward building trustworthy machine learning systems. Current robust training methods such as adversarial training explicitly uses an “attack” (e.g., L-inf-norm bounded perturbation) to generate adversarial examples during model training for improving adversarial robustness. In this paper, we take a different perspective and propose a new framework called SPROUT, self-progressing robust training. During model training, SPROUT progressively adjusts training label distribution via our proposed parametrized label smoothing technique, making training free of attack generation and more scalable. We also motivate SPROUT using a general formulation based on vicinity risk minimization, which includes many robust training methods as special cases. Compared with state-of-the-art adversarial training methods (PGD-L-inf and TRADES) under L-inf-norm bounded attacks and various invariance tests, SPROUT consistently attains superior performance and is more scalable to large neural networks. Our results shed new light on scalable, effective and attack-independent robust training methods.

Original language	English
Title of host publication	35th AAAI Conference on Artificial Intelligence, AAAI 2021
Publisher	Association for the Advancement of Artificial Intelligence
Pages	7107-7115
Number of pages	9
ISBN (Electronic)	9781713835974
Publication status	Published - 2021
Externally published	Yes
Event	35th AAAI Conference on Artificial Intelligence, AAAI 2021 - Virtual, Online Duration: 2 Feb 2021 → 9 Feb 2021

Publication series

Name	35th AAAI Conference on Artificial Intelligence, AAAI 2021
Volume	8B

Conference

Conference	35th AAAI Conference on Artificial Intelligence, AAAI 2021
City	Virtual, Online
Period	2/02/21 → 9/02/21

Bibliographical note

Publisher Copyright:
Copyright © 2021, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved

Access to Document

https://hdl.handle.net/1783.1/114684

Cite this

@inproceedings{d978e8bb0a784981989f15d9455bf9e2,

title = "Self-Progressing Robust Training",

abstract = "Enhancing model robustness under new and even adversarial environments is a crucial milestone toward building trustworthy machine learning systems. Current robust training methods such as adversarial training explicitly uses an “attack” (e.g., L-inf-norm bounded perturbation) to generate adversarial examples during model training for improving adversarial robustness. In this paper, we take a different perspective and propose a new framework called SPROUT, self-progressing robust training. During model training, SPROUT progressively adjusts training label distribution via our proposed parametrized label smoothing technique, making training free of attack generation and more scalable. We also motivate SPROUT using a general formulation based on vicinity risk minimization, which includes many robust training methods as special cases. Compared with state-of-the-art adversarial training methods (PGD-L-inf and TRADES) under L-inf-norm bounded attacks and various invariance tests, SPROUT consistently attains superior performance and is more scalable to large neural networks. Our results shed new light on scalable, effective and attack-independent robust training methods.",

author = "Minhao Cheng and Chen, \{Pin Yu\} and Sijia Liu and Shiyu Chang and Hsieh, \{Cho Jui\} and Payel Das",

note = "Publisher Copyright: Copyright {\textcopyright} 2021, Association for the Advancement of Artificial Intelligence (www.aaai.org). All rights reserved; 35th AAAI Conference on Artificial Intelligence, AAAI 2021 ; Conference date: 02-02-2021 Through 09-02-2021",

year = "2021",

language = "English",

series = "35th AAAI Conference on Artificial Intelligence, AAAI 2021",

publisher = "Association for the Advancement of Artificial Intelligence",

pages = "7107--7115",

booktitle = "35th AAAI Conference on Artificial Intelligence, AAAI 2021",

}

Cheng, M, Chen, PY, Liu, S, Chang, S, Hsieh, CJ & Das, P 2021, Self-Progressing Robust Training. in 35th AAAI Conference on Artificial Intelligence, AAAI 2021. 35th AAAI Conference on Artificial Intelligence, AAAI 2021, vol. 8B, Association for the Advancement of Artificial Intelligence, pp. 7107-7115, 35th AAAI Conference on Artificial Intelligence, AAAI 2021, Virtual, Online, 2/02/21. <https://hdl.handle.net/1783.1/114684>

Self-Progressing Robust Training. / Cheng, Minhao; Chen, Pin Yu; Liu, Sijia et al.
35th AAAI Conference on Artificial Intelligence, AAAI 2021. Association for the Advancement of Artificial Intelligence, 2021. p. 7107-7115 (35th AAAI Conference on Artificial Intelligence, AAAI 2021; Vol. 8B).

Research output: Chapter in Book/Conference Proceeding/Report › Conference Paper published in a book › peer-review

TY - GEN

T1 - Self-Progressing Robust Training

AU - Cheng, Minhao

AU - Chen, Pin Yu

AU - Liu, Sijia

AU - Chang, Shiyu

AU - Hsieh, Cho Jui

AU - Das, Payel

PY - 2021

Y1 - 2021

N2 - Enhancing model robustness under new and even adversarial environments is a crucial milestone toward building trustworthy machine learning systems. Current robust training methods such as adversarial training explicitly uses an “attack” (e.g., L-inf-norm bounded perturbation) to generate adversarial examples during model training for improving adversarial robustness. In this paper, we take a different perspective and propose a new framework called SPROUT, self-progressing robust training. During model training, SPROUT progressively adjusts training label distribution via our proposed parametrized label smoothing technique, making training free of attack generation and more scalable. We also motivate SPROUT using a general formulation based on vicinity risk minimization, which includes many robust training methods as special cases. Compared with state-of-the-art adversarial training methods (PGD-L-inf and TRADES) under L-inf-norm bounded attacks and various invariance tests, SPROUT consistently attains superior performance and is more scalable to large neural networks. Our results shed new light on scalable, effective and attack-independent robust training methods.

AB - Enhancing model robustness under new and even adversarial environments is a crucial milestone toward building trustworthy machine learning systems. Current robust training methods such as adversarial training explicitly uses an “attack” (e.g., L-inf-norm bounded perturbation) to generate adversarial examples during model training for improving adversarial robustness. In this paper, we take a different perspective and propose a new framework called SPROUT, self-progressing robust training. During model training, SPROUT progressively adjusts training label distribution via our proposed parametrized label smoothing technique, making training free of attack generation and more scalable. We also motivate SPROUT using a general formulation based on vicinity risk minimization, which includes many robust training methods as special cases. Compared with state-of-the-art adversarial training methods (PGD-L-inf and TRADES) under L-inf-norm bounded attacks and various invariance tests, SPROUT consistently attains superior performance and is more scalable to large neural networks. Our results shed new light on scalable, effective and attack-independent robust training methods.

UR - http://www.scopus.com/inward/record.url?scp=85125035532&partnerID=8YFLogxK

M3 - Conference Paper published in a book

AN - SCOPUS:85125035532

T3 - 35th AAAI Conference on Artificial Intelligence, AAAI 2021

SP - 7107

EP - 7115

BT - 35th AAAI Conference on Artificial Intelligence, AAAI 2021

PB - Association for the Advancement of Artificial Intelligence

T2 - 35th AAAI Conference on Artificial Intelligence, AAAI 2021

Y2 - 2 February 2021 through 9 February 2021

ER -

Self-Progressing Robust Training

Abstract

Publication series

Conference

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this