defense 2026

Quadratic Upper Bound for Boosting Robustness

Euijin You, Hyang-Won Lee

0 citations · 45 references · arXiv

Published on arXiv: 2601.13645

Input Manipulation Attack

OWASP ML Top 10 — ML01

Key Finding

Applying QUB loss to existing fast adversarial training methods yields significant robustness improvements while maintaining training efficiency, attributable to a smoothened perturbation loss landscape.

QUB (Quadratic Upper Bound)

Novel technique introduced


Fast adversarial training (FAT) aims to enhance the robustness of models against adversarial attacks with reduced training time; however, FAT often suffers from compromised robustness due to insufficient exploration of adversarial space. In this paper, we develop a loss function to mitigate the problem of degraded robustness under FAT. Specifically, we derive a quadratic upper bound (QUB) on the adversarial training (AT) loss function and propose to utilize the bound with existing FAT methods. Our experimental results show that applying QUB loss to the existing methods yields significant improvement of robustness. Furthermore, using various metrics, we demonstrate that this improvement is likely to result from the smoothened loss landscape of the resulting model.


Key Contributions

  • Derivation of a quadratic upper bound (QUB) on the adversarial training loss using the convexity of cross-entropy loss with respect to logits
  • A plug-in QUB loss that replaces the standard AT loss in existing fast adversarial training methods without substantially increasing training time
  • Empirical and metric-based analysis showing QUB improves robustness by smoothing the model's loss landscape with respect to perturbations

🛡️ Threat Analysis

Input Manipulation Attack

Proposes a defense against adversarial input manipulation attacks via a new adversarial training loss function (QUB); the paper directly addresses improving model robustness against FGSM/PGD-style adversarial examples at inference time.


Details

Domains
vision
Model Types
cnn
Threat Tags
white_box, inference_time, untargeted, digital
Datasets
CIFAR-10, CIFAR-100
Applications
image classification