Advancing Adversarial Training by Injecting Booster Signal

Recent works have demonstrated that deep neural networks (DNNs) are highly vulnerable to adversarial attacks. To defend against adversarial attacks, many defense strategies have been proposed, among which adversarial training (AT) has been demonstrated to be the most effective strategy. However, it has been known that AT sometimes hurts natural accuracy. Then, many works focus on optimizing model parameters to handle the problem. Different from the previous approaches, in this article, we propose a new approach to improve the adversarial robustness using an external signal rather than model parameters. In the proposed method, a well-optimized universal external signal called a booster signal is injected into the outside of the image which does not overlap with the original content. Then, it boosts both adversarial robustness and natural accuracy. The booster signal is optimized in parallel to model parameters step by step collaboratively. Experimental results show that the booster signal can improve both the natural and robust accuracies over the recent state-of-the-art AT methods. Also, optimizing the booster signal is general and flexible enough to be adopted on any existing AT methods.

Automated summary

Recent research has shown that deep neural networks (DNNs) are highly susceptible to adversarial attacks. Adversarial training (AT) has been recognized as the most effective defense strategy against such attacks, although it may compromise natural accuracy. To address this issue, this article proposes a new approach that utilizes an external signal, known as a booster signal, to enhance adversarial robustness. The booster signal, optimized alongside model parameters, is injected outside the image without overlapping the original content, resulting in improved both adversarial and natural accuracy. Experimental results demonstrate that the booster signal can effectively enhance the performance of existing AT methods, and its optimization method is flexible and applicable.