CATIL: Customized adversarial training based on instance loss

Abstract

Adversarial training is one of the most effective adversarial defense methods currently recognized. It enhances the robustness of deep neural network (DNN) classifiers by generating adversarial samples. However, current adversarial training methods cannot effectively trade off the robust accuracy and natural accuracy when training DNN classifiers, and are prone to overfit. To solve these problems, we propose Customized Adversarial Training based on Instance Loss (CATIL), aiming to improve robust accuracy and natural accuracy while alleviating overfitting. We first comprehensively consider the influencing factors of adversarial training and propose the comprehensive customization strategy (CCS), which crafts unique attack strategies for each sample, fine-tunes the classifier's decision boundary, and boosts the robustness of the DNN classifier without compromising its natural accuracy. Second, the loss adjustment strategy (LAS) is designed to update the attack strategy according to the loss value. This increases the fitting difficulty of the DNN classifier and alleviates the overfitting problem. Finally, numerous experiments show that CATIL can effectively enhance robust accuracy and alleviate the overfitting problem without significantly compromising natural accuracy. When evaluating CIFAR-10 on Wide ResNet, CATIL achieves the best performance in both natural and robust accuracy compared to all benchmarks.