Semi-supervised robust training with generalized perturbed neighborhood
作者:
Highlights:
• We propose a robust training method by jointly minimizing standard risk and robust risk, which is naturally extended the semi-supervised mode.
• By generalizing the definition of the perturbed neighborhood to cover different types of perturbations, our method achieves the joint robustness to different perturbations, such as the pixel-wise and spatial perturbation.
• Experiments on benchmark datasets verify the superiority of the proposed SRT method to state-of-the-art adversarial training methods, as well as the robustness of SRT to pixel-wise and spatial perturbations simultaneously.
摘要
•We propose a robust training method by jointly minimizing standard risk and robust risk, which is naturally extended the semi-supervised mode.•By generalizing the definition of the perturbed neighborhood to cover different types of perturbations, our method achieves the joint robustness to different perturbations, such as the pixel-wise and spatial perturbation.•Experiments on benchmark datasets verify the superiority of the proposed SRT method to state-of-the-art adversarial training methods, as well as the robustness of SRT to pixel-wise and spatial perturbations simultaneously.
论文关键词:Adversarial Defense,Adversarial Learning,Semi-supervised Learning,AI Security,Deep Learning,Classification
论文评审过程:Received 29 December 2020, Revised 12 July 2021, Accepted 28 November 2021, Available online 1 December 2021, Version of Record 10 December 2021.
论文官网地址:https://doi.org/10.1016/j.patcog.2021.108472
