Attack methods used:
1. FGSM
2. I-FGSM
3. MI-FGSM
4. TAP [Transferable adversarial perturbations]
5. ILA (Intermediate Level Attack) [Enhancing adversarial example transferability with an intermediate level attack]
[Gray-box adversarial training]
Conclusions
1. Choosing a surrogate model: look for low local loss curvature [Robustness via curvature regularization, and vice versa]
2. Why an undertrained model works better: universal gradient characteristics & low loss function curvature
Further reading [Robustness via curvature regularization, and vice versa]
Background: low loss curvature leads to high robustness
Old method: normal model training → adversarial training fine-tuning
New method: apply CURE (curvature regularization) during model training to achieve low curvature of the loss and, in turn, high robustness
This method is equally effective when used in attacks
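The curvature penalty behind CURE, as an added example (not code from these notes or from the paper's authors): it measures how much the input gradient changes after a step of size h along the normalized sign of that gradient, and adds the squared change to the training loss. The two-weight logistic model, the sample point, h and gamma are constructed values chosen for illustration.

```python
import math

def margin(w, x, y):
    return y * sum(wi * xi for wi, xi in zip(w, x))

def loss(w, x, y):
    """Logistic loss log(1 + exp(-y * w.x)) for a label y in {-1, +1}."""
    return math.log1p(math.exp(-margin(w, x, y)))

def input_grad(w, x, y):
    """Gradient of the loss with respect to the input x (not the weights)."""
    s = 1.0 / (1.0 + math.exp(margin(w, x, y)))
    return [-y * s * wi for wi in w]

def cure_penalty(w, x, y, h=1.0):
    """Finite-difference curvature penalty ||grad(x + h*z) - grad(x)||^2,
    with z = sign(grad(x)) / ||sign(grad(x))||."""
    g = input_grad(w, x, y)
    sgn = [(gi > 0) - (gi < 0) for gi in g]
    norm = math.sqrt(sum(s * s for s in sgn))
    if norm == 0.0:          # zero gradient: no direction to probe
        return 0.0
    x_shift = [xi + h * s / norm for xi, s in zip(x, sgn)]
    g_shift = input_grad(w, x_shift, y)
    return sum((a - b) ** 2 for a, b in zip(g_shift, g))

def regularized_loss(w, x, y, gamma=1.0, h=1.0):
    """Training objective with the curvature term added (gamma is assumed)."""
    return loss(w, x, y) + gamma * cure_penalty(w, x, y, h)

# Constructed sample point and two constructed models with the same
# decision boundary but different weight scale.
X, Y = [0.2, -0.1], 1
W_FLAT = [0.5, -0.5]
W_SHARP = [3.0, -3.0]

if __name__ == "__main__":
    for name, w in (("flat", W_FLAT), ("sharp", W_SHARP)):
        print(name,
              "loss=%.4f" % loss(w, X, Y),
              "penalty=%.4f" % cure_penalty(w, X, Y),
              "objective=%.4f" % regularized_loss(w, X, Y))
```

At this point the sharper model has the lower plain loss but a far larger curvature penalty, so the regularized objective favors the flatter one.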