no code implementations • 25 May 2024 • Runqi Lin, Chaojian Yu, Bo Han, Hang Su, Tongliang Liu
Catastrophic overfitting (CO) presents a significant challenge in single-step adversarial training (AT), manifesting as highly distorted deep neural networks (DNNs) that are vulnerable to multi-step adversarial attacks.
2 code implementations • NeurIPS 2023 • Runqi Lin, Chaojian Yu, Tongliang Liu
Specifically, we design a novel method, termed Abnormal Adversarial Examples Regularization (AAER), which explicitly regularizes the variation of AAEs to hinder the classifier from becoming distorted.
1 code implementation • 13 Oct 2023 • Runqi Lin, Chaojian Yu, Bo Han, Tongliang Liu
In this work, we adopt a unified perspective by solely focusing on natural patterns to explore different types of overfitting.
no code implementations • 1 Oct 2023 • Chaojian Yu, Xiaolong Shi, Jun Yu, Bo Han, Tongliang Liu
Adversarial Training (AT) is a widely-used algorithm for building robust neural networks, but it suffers from the issue of robust overfitting, the fundamental mechanism of which remains unclear.
no code implementations • 4 Oct 2022 • Chaojian Yu, Dawei Zhou, Li Shen, Jun Yu, Bo Han, Mingming Gong, Nannan Wang, Tongliang Liu
Firstly, applying a pre-specified perturbation budget on networks of various model capacities will yield divergent degree of robustness disparity between natural and robust accuracies, which deviates from robust network's desideratum.
1 code implementation • 17 Jun 2022 • Chaojian Yu, Bo Han, Li Shen, Jun Yu, Chen Gong, Mingming Gong, Tongliang Liu
Here, we explore the causes of robust overfitting by comparing the data distribution of \emph{non-overfit} (weak adversary) and \emph{overfitted} (strong adversary) adversarial training, and observe that the distribution of the adversarial data generated by weak adversary mainly contain small-loss data.
1 code implementation • 30 May 2022 • Chaojian Yu, Bo Han, Mingming Gong, Li Shen, Shiming Ge, Bo Du, Tongliang Liu
Based on these observations, we propose a robust perturbation strategy to constrain the extent of weight perturbation.
2 code implementations • ECCV 2018 • Chaojian Yu, Xinyi Zhao, Qi Zheng, Peng Zhang, Xinge You
Fine-grained visual recognition is challenging because it highly relies on the modeling of various semantic parts and fine-grained feature learning.