Deep Adversarial Defense Against Multilevel-Lp Attacks
Ren Wang, YuXuan Li, Alfred Hero
Unverified — Be the first to reproduce this paper.
ReproduceAbstract
Deep learning models have shown considerable vulnerability to adversarial attacks, particularly as attacker strategies become more sophisticated. While traditional adversarial training (AT) techniques offer some resilience, they often focus on defending against a single type of attack, e.g., the _-norm attack, which can fail for other types. This paper introduces a computationally efficient multilevel _p defense, called the Efficient Robust Mode Connectivity (EMRC) method, which aims to enhance a deep learning model's resilience against multiple _p-norm attacks. Similar to analytical continuation approaches used in continuous optimization, the method blends two p-specific adversarially optimal models, the _1- and _-norm AT solutions, to provide good adversarial robustness for a range of p. We present experiments demonstrating that our approach performs better on various attacks as compared to AT-_, E-AT, and MSD, for datasets/architectures including: CIFAR-10, CIFAR-100 / PreResNet110, WideResNet, ViT-Base.