Memorization Weights for Instance Reweighting in Adversarial Training

Authors

  • Jianfu Zhang RIKEN AIP
  • Yan Hong Shanghai Jiao Tong University
  • Qibin Zhao RIKEN AIP

DOI:

https://doi.org/10.1609/aaai.v37i9.26329

Keywords:

ML: Adversarial Learning & Robustness

Abstract

Adversarial training is an effective way to defend deep neural networks (DNN) against adversarial examples. However, there are atypical samples that are rare and hard to learn, or even hurt DNNs' generalization performance on test data. In this paper, we propose a novel algorithm to reweight the training samples based on self-supervised techniques to mitigate the negative effects of the atypical samples. Specifically, a memory bank is built to record the popular samples as prototypes and calculate the memorization weight for each sample, evaluating the "typicalness" of a sample. All the training samples are reweigthed based on the proposed memorization weights to reduce the negative effects of atypical samples. Experimental results show the proposed method is flexible to boost state-of-the-art adversarial training methods, improving both robustness and standard accuracy of DNNs.
AAAI-23 Proceedings Cover

Downloads

Published

2023-06-26

How to Cite

Zhang, J., Hong, Y., & Zhao, Q. (2023). Memorization Weights for Instance Reweighting in Adversarial Training. Proceedings of the AAAI Conference on Artificial Intelligence, 37(9), 11228-11236. https://doi.org/10.1609/aaai.v37i9.26329

Issue

Vol. 37 No. 9: AAAI-23 Technical Tracks 9

Section

AAAI Technical Track on Machine Learning IV