MMA Training: Direct Input Space Margin Maximization through Adversarial Training

December 06, 2018 · Entered Twilight · 🏛 International Conference on Learning Representations

"Last commit was 5.0 years ago (≥5 year threshold)"

Evidence collected by the PWNC Scanner

Repo contents: .gitignore, LICENSE, README.md, anpgd.py, attack_cifar10_models.sh, attack_mnist_models.sh, config.py, evaluate_on_pgd_attacks.py, requirements.txt, run_cifar10_training.sh, run_mnist_training.sh, train.py, trained_models, trainer.py, utils.py

Authors Gavin Weiguang Ding, Yash Sharma, Kry Yik Chau Lui, Ruitong Huang arXiv ID 1812.02637 Category cs.LG: Machine Learning Cross-listed cs.NE, stat.ML Citations 299 Venue International Conference on Learning Representations Repository https://github.com/BorealisAI/mma_training ⭐ 34 Last Checked 2 months ago

Abstract

We study adversarial robustness of neural networks from a margin maximization perspective, where margins are defined as the distances from inputs to a classifier's decision boundary. Our study shows that maximizing margins can be achieved by minimizing the adversarial loss on the decision boundary at the "shortest successful perturbation", demonstrating a close connection between adversarial losses and the margins. We propose Max-Margin Adversarial (MMA) training to directly maximize the margins to achieve adversarial robustness. Instead of adversarial training with a fixed $ε$, MMA offers an improvement by enabling adaptive selection of the "correct" $ε$ as the margin individually for each datapoint. In addition, we rigorously analyze adversarial training with the perspective of margin maximization, and provide an alternative interpretation for adversarial training, maximizing either a lower or an upper bound of the margins. Our experiments empirically confirm our theory and demonstrate MMA training's efficacy on the MNIST and CIFAR10 datasets w.r.t. $\ell_\infty$ and $\ell_2$ robustness. Code and models are available at https://github.com/BorealisAI/mma_training.