Eliminating Catastrophic Overfitting Via Abnormal Adversarial Examples Regularization

arXiv:2404.08154v1 Announce Type: new
Abstract: Single-step adversarial training (SSAT) has demonstrated the potential to achieve both efficiency and robustness. However, SSAT suffers from catastrophic overfitting (CO), a phenomenon that leads to a severely distorted classifier, making it vulnerable to multi-step adversarial attacks. In this work, we observe that some adversarial examples generated on the SSAT-trained network exhibit anomalous behaviour, that is, although these training samples are generated by the inner maximization process, their associated loss decreases instead, which we named …

abstract adversarial adversarial attacks adversarial examples adversarial training arxiv attacks classifier cs.lg efficiency examples generated however leads making observe overfitting regularization robustness training type via vulnerable work