Revisiting AUC-Oriented Adversarial Training With Loss-Agnostic Perturbations

doi:10.1109/TPAMI.2023.3303934

	Revisiting AUC-Oriented Adversarial Training With Loss-Agnostic Perturbations
	Yang, Zhiyong 1; Xu, Qianqian 2; Hou, Wenzheng 2; Bao, Shilong 3,4; He, Yuan 5; Cao, Xiaochun 6; Huang, Qingming 7,8,9
	2023-12-01
发表期刊	IEEE TRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE (IF:9.455[JCR-2017],13.229[5-Year])
ISSN	0162-8828
卷号	45 期号:12 页码:15494-15511
摘要	The Area Under the ROC curve (AUC) is a popular metric for long-tail classification. Many efforts have been devoted to AUC optimization methods in the past decades. However, little exploration has been done to make them survive adversarial attacks. Among the few exceptions, AdAUC presents an early trial for AUC-oriented adversarial training with a convergence guarantee. This algorithm generates the adversarial perturbations globally for all the training examples. However, it implicitly assumes that the attackers must know in advance that the victim is using an AUC-based loss function and training technique, which is too strong to be met in real-world scenarios. Moreover, whether a straightforward generalization bound for AdAUC exists is unclear due to the technical difficulties in decomposing each adversarial example. By carefully revisiting the AUC-orient adversarial training problem, we present three reformulations of the original objective function and propose an inducing algorithm. On top of this, we can show that: 1) Under mild conditions, AdAUC can be optimized equivalently with score-based or instance-wise-loss-based perturbations, which is compatible with most of the popular adversarial example generation methods. 2) AUC-oriented AT does have an explicit error bound to ensure its generalization ability. 3) One can construct a fast SVRG-based gradient descent-ascent algorithm to accelerate the AdAUC method. Finally, the extensive experimental results show the performance and robustness of our algorithm in five long-tail datasets.
关键词	Optimization Training Perturbation methods Machine learning Receivers Machine learning algorithms Linear programming AUC Optimization adversarial learning machine learning
DOI	10.1109/TPAMI.2023.3303934
收录类别	SCI
语种	英语
资助项目	National Key R&D Program of China[2018AAA0102000] ; National Natural Science Foundation of China[62236008] ; National Natural Science Foundation of China[U21B2038] ; National Natural Science Foundation of China[61931008] ; National Natural Science Foundation of China[62025604] ; National Natural Science Foundation of China[6212200758] ; National Natural Science Foundation of China[61976202] ; National Natural Science Foundation of China[62206264] ; Fundamental Research Funds for the Central Universities ; Youth Innovation Promotion Association CAS ; Strategic Priority Research Program of Chinese Academy of Sciences[XDB28000000]
WOS研究方向	Computer Science ; Engineering
WOS类目	Computer Science, Artificial Intelligence ; Engineering, Electrical & Electronic
WOS记录号	WOS:001130146400089
出版者	IEEE COMPUTER SOC
引用统计	正在获取...
文献类型	期刊论文
条目标识符	http://119.78.100.204/handle/2XEOYT63/38358
专题	中国科学院计算技术研究所期刊论文_英文
通讯作者	Xu, Qianqian; Huang, Qingming
作者单位	1.Univ Chinese Acad Sci, Sch Comp Sci & Technol, Beijing 100049, Peoples R China 2.Chinese Acad Sci, Key Lab Intelligent Informat Process, Inst Comp Technol, Beijing 100190, Peoples R China 3.Chinese Acad Sci, State Key Lab Informat Secur SKLOIS, Inst Informat Engn, Beijing 100093, Peoples R China 4.Univ Chinese Acad Sci, Sch Cyber Secur, Beijing 100049, Peoples R China 5.Alibaba Grp, Secur Dept, Hangzhou 311121, Peoples R China 6.Sun Yat Sen Univ, Sch Cyber Sci & Technol, Shenzhen 518107, Guangdong, Peoples R China 7.Univ Chinese Acad Sci, Sch Comp Sci & Technol, Beijing 101408, Peoples R China 8.Univ Chinese Acad Sci, Key Lab Big Data Min & Knowledge Management BDKM, Beijing 101408, Peoples R China 9.Chinese Acad Sci, Key Lab Intelligent Informat Proc, Inst Comp Technol, Beijing 100190, Peoples R China
推荐引用方式 GB/T 7714	Yang, Zhiyong,Xu, Qianqian,Hou, Wenzheng,et al. Revisiting AUC-Oriented Adversarial Training With Loss-Agnostic Perturbations[J]. IEEE TRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE,2023,45(12):15494-15511.
APA	Yang, Zhiyong.,Xu, Qianqian.,Hou, Wenzheng.,Bao, Shilong.,He, Yuan.,...&Huang, Qingming.(2023).Revisiting AUC-Oriented Adversarial Training With Loss-Agnostic Perturbations.IEEE TRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE,45(12),15494-15511.
MLA	Yang, Zhiyong,et al."Revisiting AUC-Oriented Adversarial Training With Loss-Agnostic Perturbations".IEEE TRANSACTIONS ON PATTERN ANALYSIS AND MACHINE INTELLIGENCE 45.12(2023):15494-15511.