Key Concept
PeerAiD improves adversarial robustness by training a specialized peer network to defend against student-generated adversarial examples.
Abstract
Adversarial distillation aims to enhance robustness by transferring knowledge from a robust teacher network to a student network.
PeerAiD introduces a peer network trained to defend against adversarial examples from the student network, surpassing the performance of traditional methods.
The peer network in PeerAiD is specialized for defending the student network, leading to higher robustness and natural accuracy.
Extensive experiments demonstrate the effectiveness of PeerAiD in improving the robustness of student networks across different datasets and models.
PeerAiD shows superior performance in white-box robustness, transfer-based attacks, loss landscape flatness, and feature representation compared to baselines.
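Statistics
PeerAiD improves AutoAttack (AA) accuracy by up to 1.66%p and improves the natural accuracy of the student network by up to 4.72%p with ResNet-18 and the TinyImageNet dataset.
PeerAiD trains a peer network specialized in defending against the student network's adversarial examples.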
Quotes
"PeerAiD trains a peer network specialized in defending against the student network's adversarial examples."
"PeerAiD outperforms existing methods and improves the robustness of the student network."