Adversarial training has become one of the most widely used methods to defense the attack of adversarial examples, since its properties of improving the robustness of neural networks. To achieve this, many representative works have been proposed to optimize the hyper-parameters in the adversarial training, so as to obtain the optimal trade-off between model classification accuracy and robustness. However, existing works are still in its infancy, especially in terms of model accuracy and training efficiency. In this paper, we propose Specific Adversarial Training(SAT), a novel framework to solve this challenge. Specifically, SAT improves the process of adversarial training by crafting specific perturbation and label for each data point. With this, these generated samples can close and properly cross the decision boundary meanwhile obtain an ideal label, which performs a positive effects in adversarial training. Experimental results show that our method can achieve 88.62% natural accuracy while the adversarial accuracy also improve from 43.79% to 52.34% in the CIFAR-10 dataset. Meanwhile, we achieve a higher efficiency compared to prior works.

对抗训练已成为防御对抗样本攻击的最广泛使用的方法之一，因为它具有提高神经网络鲁棒性的特性。为了实现这一点，已经提出了许多具有代表性的工作来优化对抗训练中的超参数，从而在模型分类精度和鲁棒性之间获得最佳权衡。然而，现有的工作仍处于起步阶段，尤其是在模型准确性和训练效率方面。在本文中，我们提出了特定对抗训练（SAT），这是一种解决这一挑战的新颖框架。具体来说，SAT 通过为每个数据点制作特定的扰动和标签来改进对抗训练的过程。有了这个，这些生成的样本可以关闭并适当地越过决策边界，同时获得理想的标签，这在对抗性训练中起到了积极的作用。实验结果表明，我们的方法可以达到 88.62% 的自然精度，而对抗精度也从 CIFAR-10 数据集中的 43.79% 提高到 52.34%。同时，与之前的工作相比，我们实现了更高的效率。