A3T: accuracy aware adversarial training
Adversarial training has been empirically shown to be more prone to overfitting than standard training. The exact underlying reasons are still not fully understood. In this paper, we identify one cause of overfitting related to current practices of generating adversarial examples from misclassified samples. We show that, following current practice, adversarial examples from misclassified samples results in harder-to-classify samples than the original ones. This leads to a complex adjustment of the decision boundary during training and hence overfitting. To mitigate this issue, we propose A3T, an accuracy aware AT method that generate adversarial example differently for misclassified and correctly classified samples. We show that our approach achieves better generalization while maintaining comparable robustness to state-of-the-art AT methods on a wide range of computer vision, natural language processing, and tabular tasks.
Other Information
Published in: Machine Learning
License: https://creativecommons.org/licenses/by/4.0
See article on publisher's website: https://dx.doi.org/10.1007/s10994-023-06341-w
Funding
Open Access funding provided by the Qatar National Library.
History
Language
- English
Publisher
Springer NaturePublication Year
- 2023
License statement
This Item is licensed under the Creative Commons Attribution 4.0 International License.Institution affiliated with
- Hamad Bin Khalifa University
- Qatar Computing Research Institute - HBKU