A Closer Look at Curriculum Adversarial Training: From an Online Perspective

Authors

  • Lianghe Shi Wuhan University
  • Weiwei Liu Wuhan University

DOI:

https://doi.org/10.1609/aaai.v38i13.29418

Keywords:

ML: Learning Theory, ML: Adversarial Learning & Robustness

Abstract

Curriculum adversarial training empirically finds that gradually increasing the hardness of adversarial examples can further improve the adversarial robustness of the trained model compared to conventional adversarial training. However, theoretical understanding of this strategy remains limited. In an attempt to bridge this gap, we analyze the adversarial training process from an online perspective. Specifically, we treat adversarial examples in different iterations as samples from different adversarial distributions. We then introduce the time series prediction framework and deduce novel generalization error bounds. Our theoretical results not only demonstrate the effectiveness of the conventional adversarial training algorithm but also explain why curriculum adversarial training methods can further improve adversarial generalization. We conduct comprehensive experiments to support our theory.
AAAI-24 / IAAI-24 / EAAI-24 Proceedings Cover

Downloads

Published

2024-03-24

How to Cite

Shi, L., & Liu, W. (2024). A Closer Look at Curriculum Adversarial Training: From an Online Perspective. Proceedings of the AAAI Conference on Artificial Intelligence, 38(13), 14973–14981. https://doi.org/10.1609/aaai.v38i13.29418

Issue

Vol. 38 No. 13: AAAI-24 Technical Tracks 13

Section

AAAI Technical Track on Machine Learning IV