TY - GEN
T1 - Robust Distillation via Untargeted and Targeted Intermediate Adversarial Samples
AU - Dong, Junhao
AU - Koniusz, Piotr
AU - Chen, Junxi
AU - Wang, Z. Jane
AU - Ong, Yew Soon
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Adversarially robust knowledge distillation aims to compress large-scale models into lightweight models while preserving adversarial robustness and natural performance on a given dataset. Existing methods typically align probability distributions of natural and adversarial samples between teacher and student models, but they overlook intermediate adversarial samples along the 'adversarial path' formed by the multi-step gradient ascent of a sample towards the decision boundary. Such paths capture rich information about the decision boundary. In this paper, we propose a novel adversarially robust knowledge distillation approach by incorporating such adversarial paths into the alignment process. Recognizing the diverse impacts of intermediate adversarial samples (ranging from benign to noisy), we propose an adaptive weighting strategy to selectively emphasize informative adversarial samples, thus ensuring efficient utilization of lightweight model capacity. Moreover, we propose a dual-branch mechanism exploiting the following two insights: (i) the complementary dynamics of adversarial paths obtained by targeted and untargeted adversarial learning, and (ii) the inherent differences between the gradient ascent path from class c_i towards the nearest class boundary and the gradient descent path from a specific class c_j towards the decision region of c_i (i ≠ j). Comprehensive experiments demonstrate the effectiveness of our method on lightweight models under various settings.
AB - Adversarially robust knowledge distillation aims to compress large-scale models into lightweight models while preserving adversarial robustness and natural performance on a given dataset. Existing methods typically align probability distributions of natural and adversarial samples between teacher and student models, but they overlook intermediate adversarial samples along the 'adversarial path' formed by the multi-step gradient ascent of a sample towards the decision boundary. Such paths capture rich information about the decision boundary. In this paper, we propose a novel adversarially robust knowledge distillation approach by incorporating such adversarial paths into the alignment process. Recognizing the diverse impacts of intermediate adversarial samples (ranging from benign to noisy), we propose an adaptive weighting strategy to selectively emphasize informative adversarial samples, thus ensuring efficient utilization of lightweight model capacity. Moreover, we propose a dual-branch mechanism exploiting the following two insights: (i) the complementary dynamics of adversarial paths obtained by targeted and untargeted adversarial learning, and (ii) the inherent differences between the gradient ascent path from class c_i towards the nearest class boundary and the gradient descent path from a specific class c_j towards the decision region of c_i (i ≠ j). Comprehensive experiments demonstrate the effectiveness of our method on lightweight models under various settings.
KW - Adversarial learning
KW - Adversarially robust knowledge distillation
KW - Intermediate adversarial sample
UR - http://www.scopus.com/inward/record.url?scp=85206358670&partnerID=8YFLogxK
U2 - 10.1109/CVPR52733.2024.02686
DO - 10.1109/CVPR52733.2024.02686
M3 - Conference contribution
AN - SCOPUS:85206358670
T3 - Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition
SP - 28432
EP - 28442
BT - Proceedings - 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2024
PB - IEEE Computer Society
T2 - 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2024
Y2 - 16 June 2024 through 22 June 2024
ER -