Calibrated Adversarial Sampling: Multi-Armed Bandit-Guided Generalization Against Unforeseen Attacks

Deep Neural Networks (DNNs) are known to be vulnerable to various adversarial perturbations. To address the safety concerns arising from these vulnerabilities, adversarial training (AT) has emerged as one of the most effective paradigms for enhancing the robustness of DNNs. However, existing AT frameworks primarily focus on a single or a limited set of attack types, leaving DNNs still exposed to attack types that may be encountered in practice but not addressed during training. In this paper, we propose an efficient fine-tuning method called Calibrated Adversarial Sampling (CAS) to address these issues. From the optimization perspective within the multi-armed bandit framework, it dynamically designs rewards and balances exploration and exploitation by considering the dynamic and interdependent characteristics of multiple robustness dimensions. Experiments on benchmark datasets show that CAS achieves superior overall robustness while maintaining high clean accuracy, providing a new paradigm for robust generalization of DNNs.

Key Contributions

• Proposes Calibrated Adversarial Sampling (CAS), a fine-tuning method that frames adversarial attack selection as a multi-armed bandit problem to balance exploration and exploitation across multiple attack types.
• Dynamically designs rewards reflecting the interdependent robustness dimensions of multiple attack types to guide training toward generalized robustness.
• Achieves superior robustness generalization to unforeseen attack types while maintaining high clean accuracy on benchmark datasets.

🛡️ Threat Analysis

Details

Similar Papers