Ignition Phase: Standard Training for Fast Adversarial Robustness
By: Wang Yu-Hang, Liu Ying, Fang Liang, and more
Potential Business Impact:
Makes AI models harder to trick while training faster and more cheaply.
Adversarial Training (AT) is a cornerstone defense, but many variants overlook foundational feature representations by primarily focusing on stronger attack generation. We introduce Adversarial Evolution Training (AET), a simple yet powerful framework that strategically prepends an Empirical Risk Minimization (ERM) phase to conventional AT. We hypothesize this initial ERM phase cultivates a favorable feature manifold, enabling more efficient and effective robustness acquisition. Empirically, AET achieves comparable or superior robustness more rapidly, improves clean accuracy, and cuts training costs by 8–25%. Its effectiveness is shown across multiple datasets, architectures, and when augmenting established AT methods. Our findings underscore the impact of feature pre-conditioning via standard training for developing more efficient, principled robust defenses. Code is available in the supplementary material.
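The two-phase schedule described in the abstract can be illustrated on a toy problem. The sketch below is not the authors' code: it trains a logistic-regression model with a plain ERM "ignition" phase first, then switches to FGSM-style adversarial training. The dataset, epoch counts, learning rate, and perturbation budget `eps` are all illustrative assumptions.

```python
import numpy as np

rng = np.random.default_rng(0)

# Toy binary classification data: two well-separated Gaussian blobs.
X = np.vstack([rng.normal(-1.5, 0.5, (200, 2)), rng.normal(1.5, 0.5, (200, 2))])
y = np.concatenate([np.zeros(200), np.ones(200)])

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

w = np.zeros(2)
b = 0.0
lr, eps = 0.1, 0.3  # eps: L_inf perturbation budget (illustrative value)

def grad_step(Xb, yb):
    """One full-batch gradient step on the logistic loss."""
    global w, b
    p = sigmoid(Xb @ w + b)
    g = p - yb                      # dL/dz for logistic loss
    w -= lr * (Xb.T @ g) / len(yb)
    b -= lr * g.mean()

# Phase 1: plain ERM ("ignition") on clean data, shaping the features first.
for _ in range(50):
    grad_step(X, y)

# Phase 2: conventional adversarial training on FGSM-perturbed inputs.
for _ in range(100):
    p = sigmoid(X @ w + b)
    x_grad = np.outer(p - y, w)        # dL/dx = (p - y) * w
    X_adv = X + eps * np.sign(x_grad)  # worst-case L_inf step
    grad_step(X_adv, y)

# Evaluate on clean and adversarially perturbed inputs.
clean_acc = ((sigmoid(X @ w + b) > 0.5) == y).mean()
p = sigmoid(X @ w + b)
X_adv = X + eps * np.sign(np.outer(p - y, w))
adv_acc = ((sigmoid(X_adv @ w + b) > 0.5) == y).mean()
print(f"clean acc: {clean_acc:.2f}, adversarial acc: {adv_acc:.2f}")
```

In the full method this schedule would wrap a deep network and a PGD-style attack rather than logistic regression and single-step FGSM; the point is only the ordering, standard training before adversarial training.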
Similar Papers
Adversarial Training for Multimodal Large Language Models against Jailbreak Attacks
CV and Pattern Recognition
Stops AI from being tricked into saying bad things.
Identifying and Understanding Cross-Class Features in Adversarial Training
Machine Learning (CS)
Makes AI smarter and harder to trick.
Robustness Feature Adapter for Efficient Adversarial Training
Machine Learning (CS)
Makes AI smarter and safer from tricks.