Adversarial training (AT) methods have been found to be effective against adversarial attacks on deep neural networks. Many variants of AT have been proposed to improve its performance. Pang et al. [1] have recently shown that incorporating hypersphere embedding (HE) into the existing AT procedures enhances robustness. We observe that the existing AT procedures are not designed for the HE framework, and thus fail to adequately learn the angular discriminative information available in the HE framework. In this paper, we propose integrating HE into AT with regularization terms that exploit the rich angular information available in the HE framework. Specifically, our method, termed angular-AT, adds regularization terms to AT that explicitly enforce weight-feature compactness and inter-class separation; all expressed in terms of angular features. Experimental results show that angular-AT further improves adversarial robustness.

翻译：对抗训练（AT）方法已被证明能有效防御针对深度神经网络的对抗攻击。为提升性能，研究者提出了多种AT变体。Pang等人[1]近期研究表明，将超球面嵌入（HE）融入现有AT流程可增强鲁棒性。我们观察到，现有AT流程并非针对HE框架设计，因此无法充分学习HE框架中蕴含的角度判别信息。本文提出将HE与AT相结合，并通过正则化项挖掘HE框架中丰富的角度信息。具体而言，我们提出的angular-AT方法向AT添加了正则化项，显式增强权重-特征紧致性与类间分离性——所有项均以角度特征形式表达。实验结果表明，angular-AT进一步提升了对抗鲁棒性。