Understanding and combating robust overfitting via input loss landscape analysis and regularization. (April 2023)
- Record Type:
- Journal Article
- Title:
- Understanding and combating robust overfitting via input loss landscape analysis and regularization. (April 2023)
- Main Title:
- Understanding and combating robust overfitting via input loss landscape analysis and regularization
- Authors:
- Li, Lin
Spratling, Michael - Abstract:
- Highlights: robust overfitting in adversarial training stems from the minimization of clean loss robust overfitting turns severer with the decrease in the strength of gradient regularization as a result of the degeneration of training adversarial examples robust overfitting can be mitigated by smoothing the loss landscape The proposed new smoothing method significantly mitigates robust overfitting and achieves the highest robustness and efficiency compared to similar previous methods Abstract: Adversarial training is widely used to improve the robustness of deep neural networks to adversarial attack. However, adversarial training is prone to overfitting, and the cause is far from clear. This work sheds light on the mechanisms underlying overfitting through analyzing the loss landscape w.r.t. the input. We find that robust overfitting results from standard training, specifically the minimization of the clean loss, and can be mitigated by regularization of the loss gradients. Moreover, we find that robust overfitting turns severer during adversarial training partially because the gradient regularization effect of adversarial training becomes weaker due to the increase in the loss landscape's curvature. To improve robust generalization, we propose a new regularizer to smooth the loss landscape by penalizing the weighted logits variation along the adversarial direction. Our method significantly mitigates robust overfitting and achieves the highest robustness and efficiencyHighlights: robust overfitting in adversarial training stems from the minimization of clean loss robust overfitting turns severer with the decrease in the strength of gradient regularization as a result of the degeneration of training adversarial examples robust overfitting can be mitigated by smoothing the loss landscape The proposed new smoothing method significantly mitigates robust overfitting and achieves the highest robustness and efficiency compared to similar previous methods Abstract: Adversarial training is widely used to improve the robustness of deep neural networks to adversarial attack. However, adversarial training is prone to overfitting, and the cause is far from clear. This work sheds light on the mechanisms underlying overfitting through analyzing the loss landscape w.r.t. the input. We find that robust overfitting results from standard training, specifically the minimization of the clean loss, and can be mitigated by regularization of the loss gradients. Moreover, we find that robust overfitting turns severer during adversarial training partially because the gradient regularization effect of adversarial training becomes weaker due to the increase in the loss landscape's curvature. To improve robust generalization, we propose a new regularizer to smooth the loss landscape by penalizing the weighted logits variation along the adversarial direction. Our method significantly mitigates robust overfitting and achieves the highest robustness and efficiency compared to similar previous methods. Code is available at https://github.com/TreeLLi/Combating-RO-AdvLC . … (more)
- Is Part Of:
- Pattern recognition. Volume 136(2023)
- Journal:
- Pattern recognition
- Issue:
- Volume 136(2023)
- Issue Display:
- Volume 136, Issue 2023 (2023)
- Year:
- 2023
- Volume:
- 136
- Issue:
- 2023
- Issue Sort Value:
- 2023-0136-2023-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-04
- Subjects:
- Adversarial robustness -- Adversarial training -- Robust overfitting -- Loss landscape analysis -- Logit regularization
Pattern perception -- Periodicals
Perception des structures -- Périodiques
Patroonherkenning
006.4 - Journal URLs:
- http://www.sciencedirect.com/science/journal/00313203 ↗
http://www.sciencedirect.com/ ↗ - DOI:
- 10.1016/j.patcog.2022.109229 ↗
- Languages:
- English
- ISSNs:
- 0031-3203
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 25681.xml