The fact that deep neural networks are susceptible to crafted perturbations severely impacts the use of deep learning in certain domains of application. Among many developed defense models against such attacks, adversarial training emerges as the most successful method that consistently resists a wide range of attacks. In this work, based on an observation from a previous study that the representations of a clean data example and its adversarial examples become more divergent in higher layers of a deep neural net, we propose the Adversary Divergence Reduction Network which enforces local/global compactness and the clustering assumption over an intermediate layer of a deep neural network. We conduct comprehensive experiments to understand the isolating behavior of each component (i.e., local/global compactness and the clustering assumption) and compare our proposed model with state-of-the-art adversarial training methods. The experimental results demonstrate that augmenting adversarial training with our proposed components can further improve the robustness of the network, leading to higher unperturbed and adversarial predictive performances.

中文翻译：

---

通过加强本地和全球契约来提高对抗性鲁棒性

深度神经网络容易受到精心设计的扰动这一事实严重影响了深度学习在某些应用领域的使用。在针对此类攻击的许多已开发防御模型中，对抗性训练是始终抵抗各种攻击的最成功方法。在这项工作中，基于先前研究的观察结果，即干净数据示例及其对抗示例的表示在深度神经网络的更高层中变得更加发散，我们提出了对抗发散减少网络，该网络强制执行局部/全局紧凑性和在深度神经网络的中间层上的聚类假设。我们进行了全面的实验来了解每个组件的隔离行为（即，局部/全局紧凑性和聚类假设）并将我们提出的模型与最先进的对抗训练方法进行比较。实验结果表明，使用我们提出的组件增强对抗性训练可以进一步提高网络的鲁棒性，从而获得更高的不受干扰和对抗性的预测性能。