信息工程大学学报2025,Vol.26Issue(4):470-477,8.DOI:10.3969/j.issn.1671-0673.2025.04.014
元微调对抗训练:面向多类型对抗攻击的对抗训练改进方法
Meta Fine-Tuning Adversarial Training:An Improved Adversarial Training Approach for Multiple Types of Adversarial Attacks
摘要
Abstract
Adversarial training,as an important technique for enhancing model robustness,faces prob-lems of high training costs and inability to defend against multiple adversarial attacks.An improved ad-versarial training approach based on meta-learning is proposed.By integrating pre-training fine-tuning and diffusion model data generation strategies,a dual-branch training architecture is designed.One branch is fine-tuned on an l∞ robust model to improve its l∞ robustness,and the other branch trains against composite adversarialattacks to enhance the model's defense capabilities against non-lp norm at-tacks.During training,the weights of both branches are fused through a mixed model and periodically reinitialized,enabling the final model to simultaneously resist both l∞ attacks and composite adver-sarial attacks.Experimental results show that the proposed approach maintains l∞ robustness while achieving superior defensive performance against composite adversarial attacks on the composite ad-versarial robustness benchmark(CARBEN).关键词
对抗训练/组合对抗攻击/对抗鲁棒性/元学习Key words
adversarial training/composite adversarial attack/adversarial robustness/meta-learning分类
信息技术与安全科学引用本文复制引用
刘文钊,杨奎武,陈越,郭靖臣,胡学先..元微调对抗训练:面向多类型对抗攻击的对抗训练改进方法[J].信息工程大学学报,2025,26(4):470-477,8.基金项目
国家自然科学基金(62172433) (62172433)
