Training an ensemble of diverse sub-models has been empirically demonstrated as an effective strategy for improving the adversarial robustness of deep neural networks. However, current ensemble training methods for image recognition typically encode image labels using one-hot vectors, which overlook dependency relationships between the labels. In this paper, we propose a novel adversarial ensemble training approach that jointly learns the label dependencies and member models. Our approach adaptively exploits the learned label dependencies to promote diversity among the member models. We evaluate our approach on widely used datasets including MNIST, FashionMNIST, and CIFAR-10, and show that it achieves superior robustness against black-box attacks compared to state-of-the-art methods. Our code is available at https://github.com/ZJLAB-AMMI/LSD.