Summary of Rethinking Invariance Regularization in Adversarial Training to Improve Robustness-accuracy Trade-off, by Futa Waseda et al.
Rethinking Invariance Regularization in Adversarial Training to Improve Robustness-Accuracy Trade-off
by Futa Waseda, Ching-Chun Chang, Isao Echizen
First submitted to arxiv on: 22 Feb 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Artificial Intelligence (cs.AI)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary This paper tackles the robustness-accuracy trade-off in adversarial training by analyzing challenges in using invariance regularization and proposing a novel approach called Asymmetric Representation-regularized Adversarial Training (ARAT). The authors identify two key issues: gradient conflict between invariance and classification objectives, and the mixture distribution problem. To address these, ARAT incorporates asymmetric invariance loss with stop-gradient operation and a predictor to avoid gradient conflict, as well as a split-BatchNorm structure to resolve the mixture distribution problem. Experimental results demonstrate that ARAT outperforms existing methods across various settings. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary This paper helps us understand how to make AI models more resistant to cheating attempts. Right now, when we try to make them robust, they often become less accurate. Researchers are trying to find a way to balance these two goals. The authors of this paper studied the problem and came up with a new approach called ARAT. It’s like a special tool that helps the model avoid getting confused between normal inputs and ones that have been tampered with. They tested it and found that it works better than other methods in many cases. |
Keywords
* Artificial intelligence * Classification * Regularization
