Enhanced Accuracy and Robustness via Multi-teacher Adversarial Distillation

Shiji Zhao; Jie Yu; Zhenlong Sun; Bo Zhang; Xingxing Wei

doi:10.1007/978-3-031-19772-7_34

Enhanced Accuracy and Robustness via Multi-teacher Adversarial Distillation

Shiji Zhao
, Jie Yu
, Zhenlong Sun
, Bo Zhang
, Xingxing Wei^*

^*Corresponding author for this work

School of Artificial Intelligence(Institute of Artificial Intelligence)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

45 Scopus citations

Abstract

Adversarial training is an effective approach for improving the robustness of deep neural networks against adversarial attacks. Although bringing reliable robustness, adversarial training (AT) will reduce the performance of identifying clean examples. Meanwhile, Adversarial training can bring more robustness for large models than small models. To improve the robust and clean accuracy of small models, we introduce the Multi-Teacher Adversarial Robustness Distillation (MTARD) to guide the adversarial training process of small models. Specifically, MTARD uses multiple large teacher models, including an adversarial teacher and a clean teacher to guide a small student model in the adversarial training by knowledge distillation. In addition, we design a dynamic training algorithm to balance the influence between the adversarial teacher and clean teacher models. A series of experiments demonstrate that our MTARD can outperform the state-of-the-art adversarial training and distillation methods against various adversarial attacks. Our code is available at https://github.com/zhaoshiji123/MTARD.

Original language	English
Title of host publication	Computer Vision – ECCV 2022 - 17th European Conference, Proceedings
Editors	Shai Avidan, Gabriel Brostow, Moustapha Cissé, Giovanni Maria Farinella, Tal Hassner
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	585-602
Number of pages	18
ISBN (Print)	9783031197710
DOIs	https://doi.org/10.1007/978-3-031-19772-7_34
State	Published - 2022
Event	17th European Conference on Computer Vision, ECCV 2022 - Tel Aviv, Israel Duration: 23 Oct 2022 → 27 Oct 2022

Publication series

Name	Lecture Notes in Computer Science
Volume	13664 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	17th European Conference on Computer Vision, ECCV 2022
Country/Territory	Israel
City	Tel Aviv
Period	23/10/22 → 27/10/22

Keywords

Adversarial training
DNNs
Knowledge distillation

Access to Document

10.1007/978-3-031-19772-7_34

Cite this

Zhao, S., Yu, J., Sun, Z., Zhang, B., & Wei, X. (2022). Enhanced Accuracy and Robustness via Multi-teacher Adversarial Distillation. In S. Avidan, G. Brostow, M. Cissé, G. M. Farinella, & T. Hassner (Eds.), Computer Vision – ECCV 2022 - 17th European Conference, Proceedings (pp. 585-602). (Lecture Notes in Computer Science; Vol. 13664 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-19772-7_34

Zhao, Shiji ; Yu, Jie ; Sun, Zhenlong et al. / Enhanced Accuracy and Robustness via Multi-teacher Adversarial Distillation. Computer Vision – ECCV 2022 - 17th European Conference, Proceedings. editor / Shai Avidan ; Gabriel Brostow ; Moustapha Cissé ; Giovanni Maria Farinella ; Tal Hassner. Springer Science and Business Media Deutschland GmbH, 2022. pp. 585-602 (Lecture Notes in Computer Science).

@inproceedings{6ca61d6d4d104fc2a6ce19df50502165,

title = "Enhanced Accuracy and Robustness via Multi-teacher Adversarial Distillation",

abstract = "Adversarial training is an effective approach for improving the robustness of deep neural networks against adversarial attacks. Although bringing reliable robustness, adversarial training (AT) will reduce the performance of identifying clean examples. Meanwhile, Adversarial training can bring more robustness for large models than small models. To improve the robust and clean accuracy of small models, we introduce the Multi-Teacher Adversarial Robustness Distillation (MTARD) to guide the adversarial training process of small models. Specifically, MTARD uses multiple large teacher models, including an adversarial teacher and a clean teacher to guide a small student model in the adversarial training by knowledge distillation. In addition, we design a dynamic training algorithm to balance the influence between the adversarial teacher and clean teacher models. A series of experiments demonstrate that our MTARD can outperform the state-of-the-art adversarial training and distillation methods against various adversarial attacks. Our code is available at https://github.com/zhaoshiji123/MTARD.",

keywords = "Adversarial training, DNNs, Knowledge distillation",

author = "Shiji Zhao and Jie Yu and Zhenlong Sun and Bo Zhang and Xingxing Wei",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 17th European Conference on Computer Vision, ECCV 2022 ; Conference date: 23-10-2022 Through 27-10-2022",

year = "2022",

doi = "10.1007/978-3-031-19772-7\_34",

language = "英语",

isbn = "9783031197710",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "585--602",

editor = "Shai Avidan and Gabriel Brostow and Moustapha Ciss{\'e} and Farinella, \{Giovanni Maria\} and Tal Hassner",

booktitle = "Computer Vision – ECCV 2022 - 17th European Conference, Proceedings",

address = "德国",

}

Zhao, S, Yu, J, Sun, Z, Zhang, B & Wei, X 2022, Enhanced Accuracy and Robustness via Multi-teacher Adversarial Distillation. in S Avidan, G Brostow, M Cissé, GM Farinella & T Hassner (eds), Computer Vision – ECCV 2022 - 17th European Conference, Proceedings. Lecture Notes in Computer Science, vol. 13664 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 585-602, 17th European Conference on Computer Vision, ECCV 2022, Tel Aviv, Israel, 23/10/22. https://doi.org/10.1007/978-3-031-19772-7_34

Enhanced Accuracy and Robustness via Multi-teacher Adversarial Distillation. / Zhao, Shiji; Yu, Jie; Sun, Zhenlong et al.
Computer Vision – ECCV 2022 - 17th European Conference, Proceedings. ed. / Shai Avidan; Gabriel Brostow; Moustapha Cissé; Giovanni Maria Farinella; Tal Hassner. Springer Science and Business Media Deutschland GmbH, 2022. p. 585-602 (Lecture Notes in Computer Science; Vol. 13664 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Enhanced Accuracy and Robustness via Multi-teacher Adversarial Distillation

AU - Zhao, Shiji

AU - Yu, Jie

AU - Sun, Zhenlong

AU - Zhang, Bo

AU - Wei, Xingxing

PY - 2022

Y1 - 2022

N2 - Adversarial training is an effective approach for improving the robustness of deep neural networks against adversarial attacks. Although bringing reliable robustness, adversarial training (AT) will reduce the performance of identifying clean examples. Meanwhile, Adversarial training can bring more robustness for large models than small models. To improve the robust and clean accuracy of small models, we introduce the Multi-Teacher Adversarial Robustness Distillation (MTARD) to guide the adversarial training process of small models. Specifically, MTARD uses multiple large teacher models, including an adversarial teacher and a clean teacher to guide a small student model in the adversarial training by knowledge distillation. In addition, we design a dynamic training algorithm to balance the influence between the adversarial teacher and clean teacher models. A series of experiments demonstrate that our MTARD can outperform the state-of-the-art adversarial training and distillation methods against various adversarial attacks. Our code is available at https://github.com/zhaoshiji123/MTARD.

AB - Adversarial training is an effective approach for improving the robustness of deep neural networks against adversarial attacks. Although bringing reliable robustness, adversarial training (AT) will reduce the performance of identifying clean examples. Meanwhile, Adversarial training can bring more robustness for large models than small models. To improve the robust and clean accuracy of small models, we introduce the Multi-Teacher Adversarial Robustness Distillation (MTARD) to guide the adversarial training process of small models. Specifically, MTARD uses multiple large teacher models, including an adversarial teacher and a clean teacher to guide a small student model in the adversarial training by knowledge distillation. In addition, we design a dynamic training algorithm to balance the influence between the adversarial teacher and clean teacher models. A series of experiments demonstrate that our MTARD can outperform the state-of-the-art adversarial training and distillation methods against various adversarial attacks. Our code is available at https://github.com/zhaoshiji123/MTARD.

KW - Adversarial training

KW - DNNs

KW - Knowledge distillation

UR - https://www.scopus.com/pages/publications/85142686699

U2 - 10.1007/978-3-031-19772-7_34

DO - 10.1007/978-3-031-19772-7_34

M3 - 会议稿件

AN - SCOPUS:85142686699

SN - 9783031197710

T3 - Lecture Notes in Computer Science

SP - 585

EP - 602

BT - Computer Vision – ECCV 2022 - 17th European Conference, Proceedings

A2 - Avidan, Shai

A2 - Brostow, Gabriel

A2 - Cissé, Moustapha

A2 - Farinella, Giovanni Maria

A2 - Hassner, Tal

PB - Springer Science and Business Media Deutschland GmbH

T2 - 17th European Conference on Computer Vision, ECCV 2022

Y2 - 23 October 2022 through 27 October 2022

ER -

Zhao S, Yu J, Sun Z, Zhang B, Wei X. Enhanced Accuracy and Robustness via Multi-teacher Adversarial Distillation. In Avidan S, Brostow G, Cissé M, Farinella GM, Hassner T, editors, Computer Vision – ECCV 2022 - 17th European Conference, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 585-602. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-19772-7_34