An acknowledged weakness of neural networks is their vulnerability to adversarial perturbations of the inputs. To improve the robustness of these models, one of the most popular defense mechanisms is to alternately maximize the loss over constrained perturbations of the inputs (also called adversaries) using projected gradient ascent and minimize it over the weights. In this paper, we analyze the dynamics of the maximization step towards understanding the experimentally observed effectiveness of this defense mechanism. Specifically, we investigate the landscape of the adversaries for a two-layer neural network with a quadratic loss. Our main result proves that projected gradient ascent finds a local maximum of this non-concave problem in a polynomial number of iterations with high probability. To our knowledge, this is the first work that provides a convergence analysis of the first-order adversaries. Moreover, our analysis demonstrates that, in the initial phase of adversarial training, the scale of the inputs matters in the sense that a smaller input scale leads to faster convergence of adversarial training and a "more regular" landscape. Finally, we show that these theoretical findings are in excellent agreement with a series of experiments.
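The maximization step described in the abstract, as an added sketch that is not code from the paper: projected gradient ascent on an input perturbation for a two-layer network with quadratic loss. The ReLU activation, the l2-ball constraint, the fixed step size and the toy weights are assumptions chosen for illustration.

```python
import math

def forward(W, a, x):
    """Two-layer ReLU network f(x) = sum_j a_j * relu(w_j . x) (assumed form)."""
    return sum(aj * max(0.0, sum(wi * xi for wi, xi in zip(w, x)))
               for w, aj in zip(W, a))

def loss(W, a, x, y, delta):
    """Quadratic loss 0.5 * (f(x + delta) - y)^2 at the perturbed input."""
    xp = [xi + di for xi, di in zip(x, delta)]
    return 0.5 * (forward(W, a, xp) - y) ** 2

def grad_delta(W, a, x, y, delta):
    """Gradient of the loss with respect to the perturbation delta."""
    xp = [xi + di for xi, di in zip(x, delta)]
    resid = forward(W, a, xp) - y
    g = [0.0] * len(x)
    for w, aj in zip(W, a):
        if sum(wi * xi for wi, xi in zip(w, xp)) > 0:  # active ReLU unit
            for i, wi in enumerate(w):
                g[i] += resid * aj * wi
    return g

def project_l2(delta, eps):
    """Euclidean projection onto the ball {delta : ||delta||_2 <= eps}."""
    norm = math.sqrt(sum(d * d for d in delta))
    return delta if norm <= eps else [d * eps / norm for d in delta]

def pga(W, a, x, y, eps, step, iters, delta0=None):
    """Projected gradient ascent on delta; returns (delta, loss history)."""
    delta = list(delta0) if delta0 else [0.0] * len(x)
    history = [loss(W, a, x, y, delta)]
    for _ in range(iters):
        g = grad_delta(W, a, x, y, delta)
        delta = project_l2([d + step * gi for d, gi in zip(delta, g)], eps)
        history.append(loss(W, a, x, y, delta))
    return delta, history

# Constructed toy instance: both hidden units stay active inside the ball,
# so the loss is 0.5 * (2 + d1 + d2)^2 and its maximum lies on the boundary.
W, a, x, y = [[1.0, 0.0], [0.0, 1.0]], [1.0, 1.0], [1.0, 1.0], 0.0

if __name__ == "__main__":
    delta, history = pga(W, a, x, y, eps=0.5, step=0.1, iters=20)
    print("delta:", delta)
    print("loss: %.4f -> %.4f" % (history[0], history[-1]))
```

In adversarial training this inner loop alternates with a gradient descent step on the weights, evaluated at the perturbed input it returns.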
Author Information
Zhun Deng (Harvard)
Hangfeng He (University of Pennsylvania)
Jiaoyang Huang (Institute of Advanced Study)
Weijie Su (University of Pennsylvania)
More from the Same Authors
- 2021: On the Convergence of Deep Learning with Differential Privacy
  Zhiqi Bu · Hua Wang · Qi Long · Weijie Su
- 2022 Poster: ROCK: Causal Inference Principles for Reasoning about Commonsense Causality
  Jiayao Zhang · Hongming ZHANG · Weijie Su · Dan Roth
- 2022 Poster: When and How Mixup Improves Calibration
  Linjun Zhang · Zhun Deng · Kenji Kawaguchi · James Zou
- 2022 Spotlight: When and How Mixup Improves Calibration
  Linjun Zhang · Zhun Deng · Kenji Kawaguchi · James Zou
- 2022 Poster: Robustness Implies Generalization via Data-Dependent Generalization Bounds
  Kenji Kawaguchi · Zhun Deng · Kyle Luh · Jiaoyang Huang
- 2022 Oral: Robustness Implies Generalization via Data-Dependent Generalization Bounds
  Kenji Kawaguchi · Zhun Deng · Kyle Luh · Jiaoyang Huang
- 2022 Spotlight: ROCK: Causal Inference Principles for Reasoning about Commonsense Causality
  Jiayao Zhang · Hongming ZHANG · Weijie Su · Dan Roth
- 2021 Poster: Oneshot Differentially Private Top-k Selection
  Gang Qiao · Weijie Su · Li Zhang
- 2021 Spotlight: Oneshot Differentially Private Top-k Selection
  Gang Qiao · Weijie Su · Li Zhang
- 2021 Poster: Toward Better Generalization Bounds with Locally Elastic Stability
  Zhun Deng · Hangfeng He · Weijie Su
- 2021 Spotlight: Toward Better Generalization Bounds with Locally Elastic Stability
  Zhun Deng · Hangfeng He · Weijie Su
- 2020 Poster: Interpreting Robust Optimization via Adversarial Influence Functions
  Zhun Deng · Cynthia Dwork · Jialiang Wang · Linjun Zhang
- 2020 Poster: Sharp Composition Bounds for Gaussian Differential Privacy via Edgeworth Expansion
  Qinqing Zheng · Jinshuo Dong · Qi Long · Weijie Su