Mitigating Feature Gap for Adversarial Robustness by Feature Disentanglement

Nuoyan Zhou; Dawei Zhou; Decheng Liu; Nannan Wang; Xinbo Gao

doi:10.1609/aaai.v39i10.33176

Authors

Nuoyan Zhou State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an, China
Dawei Zhou State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an, China
Decheng Liu State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an, China
Nannan Wang State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an, China
Xinbo Gao Chongqing Key Laboratory of Image Cognition, Chongqing University of Posts and Telecommunications, Chongqing, China

DOI:

https://doi.org/10.1609/aaai.v39i10.33176

Abstract

Adversarial fine-tuning methods enhance adversarial robustness via fine-tuning the pre-trained model in an adversarial training manner. However, we identify that some specific latent features of adversarial samples are confused by adversarial perturbation and lead to an unexpectedly increasing gap between features in the last hidden layer of natural and adversarial samples. To address this issue, we propose a disentanglement-based approach to explicitly model and further remove the specific latent features. We introduce a feature disentangler to separate out the specific latent features from the features of the adversarial samples, thereby boosting robustness by eliminating the specific latent features. Besides, we align clean features in the pre-trained model with features of adversarial samples in the fine-tuned model, to benefit from the intrinsic features of natural samples. Empirical evaluations on three benchmark datasets demonstrate that our approach surpasses existing adversarial fine-tuning methods and adversarial training baselines.

Mitigating Feature Gap for Adversarial Robustness by Feature Disentanglement

Authors

DOI:

Abstract

Downloads

Published

How to Cite

Issue

Section

Information