@inproceedings{582eb806b24c47689b632fcd9af10e87,
title = "Improved Adversarial Robustness by Hardened Prediction",
abstract = "We find a way to harden the decision of a neural network. Combining such a hardening effect with another adversarial training method would further improve its adversarial robustness. By suppressing the logit corresponding to the class that the model has highest confidence during training, the model is encouraged to make harder predictions. This significantly improves a model's robustness against gradient-based adversarial attacks. The simplicity of our method makes it very easy to be deployed on existing adversarial training schemes with almost no computational overhead. The experimental results show that a model trained with TRADES benefits from hardening. It shows a greatly improved robustness against the PGD attack while retaining similar performance against decision-based attacks. How the hardening effect effectively defends the models from gradient-based attacks is worth further investigation.",
author = "Qihang Liang and Chung Chan",
year = "2022",
doi = "10.1109/ISIT50566.2022.9834822",
language = "English",
isbn = "978-1-6654-2160-7",
series = "IEEE International Symposium on Information Theory - Proceedings",
publisher = "IEEE",
pages = "2952--2956",
booktitle = "2022 IEEE International Symposium on Information Theory (ISIT)",
address = "United States",
note = "2022 IEEE International Symposium on Information Theory, ISIT 2022 ; Conference date: 26-06-2022 Through 01-07-2022",
}