基于可学习攻击步长的联合对抗训练方法OA北大核心CSTPCD

AT is a powerful means to defend against adversarial attacks.However,currently available methods often struggle to strike a balance between training efficiency and adversarial robustness.Some methods increase training efficiency but de-crease adversarial robustness,while others do the opposite.To achieve the best trade-off,this paper proposed a joint adversa-rial training method based on a learnable attack step size(FGSM-LASS).This method included a prediction model and a tar-get model.The prediction model predicted an attack step size for each example,which replaced the fixed-size attack step size using in the FGSM algorithm.Subsequently,the improved FGSM algorithm feeded both the target model parameters and origi-nal examples to generate adversarial examples.Finally,the prediction model and the target model perform joint adversarial training using these adversarial examples.Compared to the five most recent methods,FGSM-LASS was six times faster than LAS-AT,which was the best performing method in terms of robustness,with only 1％decrease in robustness.It was 3％more robust than ATAS,which was comparable in speed.Extensive experimental results fully demonstrate that FGSM-LASS outper-forms current methods in the trade-off between training speed and adversarial robustness.