本文介绍了一种名为Curriculum Adversarial Training(CAT)的方法,旨在解决对抗训练过度拟合特定攻击的问题,提高模型在测试数据上的泛化能力。基本的课程学习策略从弱攻击开始,逐步增加攻击强度。为了增强模型的鲁棒性,作者提出了两种额外的优化技术:批处理混合和量化。批处理混合通过在每个批次中混合不同攻击强度的对抗样本来防止遗忘,而量化限制输入到有限的空间,减少对抗样例的可能性。实验表明,CAT结合量化不仅提高了训练效率,还增强了模型对对抗样本的实证最坏情况准确性。
Weakness of adversarial training: overfit to the attack in use and hence does not generalize to test data
Curriculum adversarial training
思想:train model from weak attack to strong attack
方法
Let l l l denote the attack strength, K K K denote the maximal attack strength. A ( l ) \mathcal{A}(l) A(l) denotes an attack class parameterized with l l l.
Basic curriculum learning
i). start from no attack;
ii). train the model for one epoch and, once finished, calculate the l ~ \tilde{l} l~-accuracy;
iii-a). if l ~ \tilde{l} l~ increases at least once over the last 10 epoches, continue training;
iii-b). if l ~ \tilde{l} l~ does not increase over the last 10 epoches, set the parameters of the model to be the best ones (i.e. 10 epoches ago), and increase l l l by 1;
iv). Stop when
最低0.47元/天 解锁文章
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
