Hard Adversarial Example Mining for Improving Robust Fairness

by   Chenhao Lin, et al.
Nanjing University of Aeronautics and Astronautics
Xi'an Jiaotong University
Wuhan University

Adversarial training (AT) is widely considered the state-of-the-art technique for improving the robustness of deep neural networks (DNNs) against adversarial examples (AE). Nevertheless, recent studies have revealed that adversarially trained models are prone to unfairness problems, restricting their applicability. In this paper, we empirically observe that this limitation may be attributed to serious adversarial confidence overfitting, i.e., certain adversarial examples with overconfidence. To alleviate this problem, we propose HAM, a straightforward yet effective framework via adaptive Hard Adversarial example Mining.HAM concentrates on mining hard adversarial examples while discarding the easy ones in an adaptive fashion. Specifically, HAM identifies hard AEs in terms of their step sizes needed to cross the decision boundary when calculating loss value. Besides, an early-dropping mechanism is incorporated to discard the easy examples at the initial stages of AE generation, resulting in efficient AT. Extensive experimental results on CIFAR-10, SVHN, and Imagenette demonstrate that HAM achieves significant improvement in robust fairness while reducing computational cost compared to several state-of-the-art adversarial training methods. The code will be made publicly available.


Generalized Adversarial Examples: Attacks and Defenses

Most of the works follow such definition of adversarial example that is ...

Multi-stage Optimization based Adversarial Training

In the field of adversarial robustness, there is a common practice that ...

BulletTrain: Accelerating Robust Neural Network Training via Boundary Example Mining

Neural network robustness has become a central topic in machine learning...

Improving Robust Fairness via Balance Adversarial Training

Adversarial training (AT) methods are effective against adversarial atta...

Adaptive Neighbourhoods for the Discovery of Adversarial Examples

Deep Neural Networks (DNNs) have often supplied state-of-the-art results...

Enhancing Knowledge Tracing via Adversarial Training

We study the problem of knowledge tracing (KT) where the goal is to trac...

Easy Batch Normalization

It was shown that adversarial examples improve object recognition. But w...

Please sign up or login with your details

Forgot password? Click here to reset