ARMOURED: Adversarially Robust MOdels using Unlabeled data by REgularizing Diversity

Adversarial attacks pose a major challenge for modern deep neural networks. Recent advancements show that adversarially robust generalization requires a huge amount of labeled data for training. If annotation becomes a burden, can unlabeled data help bridge the gap? In this paper, we propose ARMOURED, an adversarially robust training method based on semi-supervised learning that consists of two components. The first component applies multi-view learning to simultaneously optimize multiple independent networks and utilizes unlabeled data to enforce labeling consistency. The second component reduces adversarial transferability among the networks via diversity regularizers inspired by determinantal point processes and entropy maximization. Notably, ARMOURED does not rely on generating adversarial samples during training. We demonstrate the robustness of ARMOURED on CIFAR-10 and SVHN datasets against state-of-the-art benchmarks in both the adversarial robust training and the semi-supervised training domains. Experimental results show that under projected gradient descent attacks with bounded $\ell_{\infty}$ norm, ARMOURED achieves substantial gains in accuracy, while maintaining high accuracy on clean samples.
