The paper discusses adversarial training’s robustness-accuracy trade-off problem and proposes a solution. The authors focus on invariance regularization to create adversarially invariant representations without losing discriminative power. They identify two key issues: a gradient conflict between invariance loss and classification objectives, and a mixture distribution problem from diverged distributions of clean and adversarial inputs. To address these issues, they propose Asymmetrically Representation-regularized Adversarial Training (AR-AT), which uses a stop-gradient operation and a predictor to prevent collapsing solutions and a split-BatchNorm structure to solve the mixture distribution problem.
Publication date: 22 Feb 2024
Project Page: https://arxiv.org/abs/2402.14648v1
Paper: https://arxiv.org/pdf/2402.14648
