In this paper, we investigate how to improve the adversarial robustness obtained in adversarial training (AT) by reducing the difficulty of optimization. To better study this problem, we build a novel Bregman divergence perspective for AT, in which AT can be viewed as the sliding process of the training data points on the negative entropy curve. Based on this perspective, we analyze the learning objectives of two typical AT methods, i.e., PGD-AT and TRADES, and we find that the optimization process of TRADES is easier than that of PGD-AT because TRADES separates PGD-AT. In addition, we discuss the function of entropy in TRADES, and we find that models with high entropy can be better robustness learners. Inspired by the above findings, we propose two methods, i.e., FAIT and MER, both of which not only reduce the difficulty of optimization under the 10-step PGD adversaries, but also provide better robustness. Our work suggests that reducing the difficulty of optimization under the 10-step PGD adversaries is a promising approach for enhancing the adversarial robustness in AT.