Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Adversarial Training: A Survey

Mengnan Zhao, Lihe Zhang, Jingwen Ye, Huchuan Lu, Baocai Yin, Xinchao Wang

TL;DR

This survey describes the implementation procedures and practical applications of AT, followed by a comprehensive review of AT techniques from three perspectives: data enhancement, network design, and training configurations.

Abstract

Adversarial training (AT) refers to integrating adversarial examples -- inputs altered with imperceptible perturbations that can significantly impact model predictions -- into the training process. Recent studies have demonstrated the effectiveness of AT in improving the robustness of deep neural networks against diverse adversarial attacks. However, a comprehensive overview of these developments is still missing. This survey addresses this gap by reviewing a broad range of recent and representative studies. Specifically, we first describe the implementation procedures and practical applications of AT, followed by a comprehensive review of AT techniques from three perspectives: data enhancement, network design, and training configurations. Lastly, we discuss common challenges in AT and propose several promising directions for future research.

Adversarial Training: A Survey

TL;DR

This survey describes the implementation procedures and practical applications of AT, followed by a comprehensive review of AT techniques from three perspectives: data enhancement, network design, and training configurations.

Abstract

Adversarial training (AT) refers to integrating adversarial examples -- inputs altered with imperceptible perturbations that can significantly impact model predictions -- into the training process. Recent studies have demonstrated the effectiveness of AT in improving the robustness of deep neural networks against diverse adversarial attacks. However, a comprehensive overview of these developments is still missing. This survey addresses this gap by reviewing a broad range of recent and representative studies. Specifically, we first describe the implementation procedures and practical applications of AT, followed by a comprehensive review of AT techniques from three perspectives: data enhancement, network design, and training configurations. Lastly, we discuss common challenges in AT and propose several promising directions for future research.

Paper Structure

This paper contains 12 sections, 66 equations, 2 figures, 3 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Adversarial Training: Expression and Application
  3. Formulation of AT
  4. Applications of AT
  5. Overview of adversarial training
  6. Data Perspective
  7. Model Perspective
  8. Training Configurations Perspective
  9. Challenges and potential research directions
  10. Challenges
  11. Potential Research Directions
  12. Conclusion

Figures (2)

  • Figure 1: The adversarial perturbation $\epsilon \cdot \text{sign}(\nabla_{x} \ell(x, y;\theta))$ causes the object 'panda' to be misclassified as 'gibbon'.
  • Figure 2: A comprehensive overview of adversarial training.