TasksSotADatasetsPapersMethodsSubmitAbout
Papers With Code 2

A community resource for machine learning research: papers, code, benchmarks, and state-of-the-art results.

Explore

Notable BenchmarksAll SotADatasetsPapersMethods

Community

Submit ResultsAbout

Data sourced from the PWC Archive (CC-BY-SA 4.0). Built by the community, for the community.

Papers/Adversarial Training for Free!

Adversarial Training for Free!

Ali Shafahi, Mahyar Najibi, Amin Ghiasi, Zheng Xu, John Dickerson, Christoph Studer, Larry S. Davis, Gavin Taylor, Tom Goldstein

2019-04-29NeurIPS 2019 12Adversarial DefenseDomain GeneralizationAdversarial AttackGeneral Classification
PaperPDFCodeCode(official)CodeCode(official)CodeCode

Abstract

Adversarial training, in which a network is trained on adversarial examples, is one of the few defenses against adversarial attacks that withstands strong attacks. Unfortunately, the high cost of generating strong adversarial examples makes standard adversarial training impractical on large-scale problems like ImageNet. We present an algorithm that eliminates the overhead cost of generating adversarial examples by recycling the gradient information computed when updating model parameters. Our "free" adversarial training algorithm achieves comparable robustness to PGD adversarial training on the CIFAR-10 and CIFAR-100 datasets at negligible additional cost compared to natural training, and can be 7 to 30 times faster than other strong adversarial training methods. Using a single workstation with 4 P100 GPUs and 2 days of runtime, we can train a robust model for the large-scale ImageNet classification task that maintains 40% accuracy against PGD attacks. The code is available at https://github.com/ashafahi/free_adv_train.

Results

TaskDatasetMetricValueModel
Domain AdaptationVizWiz-ClassificationAccuracy - All Images26.7ResNet-50 (adv-train-free)
Domain AdaptationVizWiz-ClassificationAccuracy - Clean Images30.9ResNet-50 (adv-train-free)
Domain AdaptationVizWiz-ClassificationAccuracy - Corrupted Images20.5ResNet-50 (adv-train-free)
Domain GeneralizationVizWiz-ClassificationAccuracy - All Images26.7ResNet-50 (adv-train-free)
Domain GeneralizationVizWiz-ClassificationAccuracy - Clean Images30.9ResNet-50 (adv-train-free)
Domain GeneralizationVizWiz-ClassificationAccuracy - Corrupted Images20.5ResNet-50 (adv-train-free)

Related Papers

Simulate, Refocus and Ensemble: An Attention-Refocusing Scheme for Domain Generalization2025-07-17GLAD: Generalizable Tuning for Vision-Language Models2025-07-17MoTM: Towards a Foundation Model for Time Series Imputation based on Continuous Modeling2025-07-17InstructFLIP: Exploring Unified Vision-Language Model for Face Anti-spoofing2025-07-16Bridging Robustness and Generalization Against Word Substitution Attacks in NLP via the Growth Bound Matrix Approach2025-07-143DGAA: Realistic and Robust 3D Gaussian-based Adversarial Attack for Autonomous Driving2025-07-14From Physics to Foundation Models: A Review of AI-Driven Quantitative Remote Sensing Inversion2025-07-11VIP: Visual Information Protection through Adversarial Attacks on Vision-Language Models2025-07-11