Achieving high model robustness under adversarial settings is widely recognized as demanding considerable training samples. Recent works propose semi-supervised adversarial training (SSAT) methods with external unlabeled or synthetically generated data, which are the current state-of-the-art. However, SSAT requires substantial extra data to attain high robustness, resulting in prolonged training time and increased memory usage. In this paper, we propose unlabeled data reduction strategies to improve the efficiency of SSAT. Specifically, we design novel latent clustering-based techniques to select or generate a small critical subset of data samples near the model's decision boundary. While focusing on boundary-adjacent points, our methods maintain a balanced ratio between boundary and non-boundary data points to avoid overfitting. Comprehensive experiments on benchmark datasets demonstrate that our methods can significantly reduce SSAT's data requirement and computation costs while preserving its strong robustness advantages. In particular, our latent-space selection scheme based on k-means clustering and our guided DDPM fine-tuning approach with LCG-KM are the most effective, achieving nearly identical robust accuracies with 5x to 10x less unlabeled data and approximately 4x less total runtime.

翻译：在对抗环境下实现高模型鲁棒性被广泛认为需要大量训练样本。近期研究提出了利用外部未标记或合成生成数据的半监督对抗训练方法，代表了当前最先进水平。然而，SSAT需要大量额外数据才能达到高鲁棒性，导致训练时间延长和内存使用增加。本文提出未标记数据约简策略以提升SSAT效率。具体而言，我们设计了新颖的基于潜在聚类的技术，用于选择或生成模型决策边界附近的关键数据子集。在聚焦边界邻近点的同时，我们的方法通过保持边界与非边界数据点的平衡比例来避免过拟合。在基准数据集上的综合实验表明，我们的方法能显著降低SSAT的数据需求和计算成本，同时保持其强大的鲁棒性优势。特别地，我们基于k-means聚类的潜在空间选择方案，以及结合LCG-KM的引导式DDPM微调方法最为有效，仅需1/5至1/10的未标记数据和约1/4的总运行时间，即可获得几乎相同的鲁棒精度。