Abstract

Data augmentation has been demonstrated as a technique for enhancing model accuracy and adversarial robustness. However, it is well known that traditional data augmentation methods have limited ability to defend against adversarial attacks. The most effective way to defend against adversarial attacks is still adversarial training. In addition, the trade-off between classification accuracy and robustness in adversarial training is a popular research direction. In this paper, we propose a more effective method that combines one mixup algorithm with adversarial training to further enhance the robustness and accuracy of the model. Specifically, we align images in the feature space before the adversarial training. This method adds the features of another image while retaining the outline of one image. The images are then used for adversarial training. To verify the effectiveness of our method, we compare it with several other adversarial training methods. The experiments show that our method achieves significant robustness and accuracy gains. In particular, our method achieves an impressive trade-off between robustness and accuracy.

Keywords: Mixup, Data augmentation, Adversarial training
