Uniformly Stable Algorithms for Adversarial Training and Beyond

TL;DR

This paper tackles robust overfitting in adversarial training by leveraging uniform stability as a generalization lens. It introduces Moreau envelope-$\mathcal{A}$ (ME-$\mathcal{A}$), a min-min reformulation that decouples non-smoothness from non-strong convexity, combining an inner strongly convex, non-smooth problem with an outer convex, smooth one. The authors prove uniform stability for both the inner and outer steps, and hence for the overall training, without extra computational cost, and show ME-$\mathcal{A}$ mitigates robust overfitting in practice. Beyond adversarial training, ME-$\mathcal{A}$ is presented as the first uniformly stable algorithm for weakly-convex, non-smooth problems, providing a principled path to improved generalization in challenging non-smooth settings.

Abstract

In adversarial machine learning, neural networks suffer from a significant issue known as robust overfitting, where the robust test accuracy decreases over epochs (Rice et al., 2020). Recent research conducted by Xing et al.,2021; Xiao et al., 2022 has focused on studying the uniform stability of adversarial training. Their investigations revealed that SGD-based adversarial training fails to exhibit uniform stability, and the derived stability bounds align with the observed phenomenon of robust overfitting in experiments. This motivates us to develop uniformly stable algorithms specifically tailored for adversarial training. To this aim, we introduce Moreau envelope-$\mathcal{A}$, a variant of the Moreau Envelope-type algorithm. We employ a Moreau envelope function to reframe the original problem as a min-min problem, separating the non-strong convexity and non-smoothness of the adversarial loss. Then, this approach alternates between solving the inner and outer minimization problems to achieve uniform stability without incurring additional computational overhead. In practical scenarios, we show the efficacy of ME-$\mathcal{A}$ in mitigating the issue of robust overfitting. Beyond its application in adversarial training, this represents a fundamental result in uniform stability analysis, as ME-$\mathcal{A}$ is the first algorithm to exhibit uniform stability for weakly-convex, non-smooth problems.

Figures (3)

• Figure 1: Demonstration of robust overfitting (Orange Line) and mitigating robust overfitting by Moreau envelope-$\mathcal{A}$ (Red Line).
• Figure 2: (a): Comparison of generalization gap induced by SGD and ME-SGD for the toy example. (b) and (c): Robust test accuracy of adversarial training using SGD and ME-$\mathcal{A}$ on SVHN, and CFAR-100, respectively.
• Figure 3: Robust generalization gap and robust test accuracy in the experiments of SGD and ME-$\mathcal{A}$.

Theorems & Definitions (17)

• Definition 3.1
• Theorem 3.2: Generalization in expectation hardt2016train
• Lemma 4.1: Equivalent Problem
• Lemma 4.2: Uniform Stability of Inner Minimization
• Lemma 4.3: Smoothness and Convexity of Moreau Envelops Functions
• Lemma 4.4: Uniform Stability of Outer Minimization
• Theorem 4.5: Generalization bound of ME-$\mathcal{A}$ in Convex Case
• Definition 4.6
• Theorem 4.7: Generalization bound of ME-$\mathcal{A}$ in Weakly-Convex Case
• Theorem 4.8: Optimization error of ME-$\mathcal{A}$ in Convex Case