MemLoss: Enhancing Adversarial Training with Recycling Adversarial Examples
Soroush Mahdi, Maryam Amirmazlaghani, Saeed Saravani, Zahra Dehghanian
TL;DR
MemLoss proposes a memory-augmented adversarial training framework that reuses adversarial examples from previous training epochs, called Memory Adversarial Examples, to improve robustness without sacrificing clean accuracy. By adding a memory-based loss term to the TRADES objective, MemLoss solidifies and broadens adversarial directions across epochs, reducing forgetting and enhancing generalization. Empirical results on CIFAR-10, CIFAR-100, and SVHN show MemLoss improves robust accuracy while maintaining or improving clean accuracy, and it also boosts performance when combined with HAT. The approach is orthogonal to existing frameworks and can be applied broadly, offering a practical route to stronger, more stable adversarial defenses with minimal extra computational cost.
Abstract
In this paper, we propose a new approach called MemLoss to improve the adversarial training of machine learning models. MemLoss leverages previously generated adversarial examples, referred to as 'Memory Adversarial Examples,' to enhance model robustness and accuracy without compromising performance on clean data. By using these examples across training epochs, MemLoss provides a balanced improvement in both natural accuracy and adversarial robustness. Experimental results on multiple datasets, including CIFAR-10, demonstrate that our method achieves better accuracy compared to existing adversarial training methods while maintaining strong robustness against attacks.