Research Of Improving Adversarial Training Algorithms In Deep Learning

Posted on: 2024-09-13
Degree: Master
Type: Thesis
Country: China
Candidate: Z H Zhong
GTID: 2568307103473424
Subject: Cyberspace security
Abstract/Summary:
In recent years, deep learning has made unprecedented advancements in the field of artificial intelligence, such as computer vision and natural language processing. Despite the ability of deep learning models to extract hidden features and patterns from large amounts of data, enabling predictions on unknown data, they are susceptible to adversarial attacks. Adversarial attacks involve adding small perturbations to the input of a model, deceiving the model into making incorrect predictions, posing a significant threat to deep learning applications.

To address this challenge, adversarial training is a widely studied defense method in the field of AI security against adversarial attacks. The fundamental idea behind adversarial training is to incorporate adversarial samples into the training data, allowing the model to learn the characteristics of adversarial samples and thereby improving its robustness against adversarial attacks.

This thesis investigates the current research status of adversarial training in deep learning and discusses the limitations of existing research. In order to further optimize adversarial training algorithms, this thesis completes two research tasks from different perspectives based on the diverse application scenarios of adversarial training: Mixed-Strategy Adversarial Training for Pre-trained Language Models and Multi-Boosted Adversarial Training for Image Classification Models. The specifics of the work are as follows:

1. This thesis presents a novel approach for fine-tuning large-scale pretrained language models, namely the Mixed-Strategy Adversarial Training (MSAT) algorithm. The proposed method redefines the traditional adversarial training as a mixed-strategy game between the language model and the adversarial perturbation. By expanding the strategy space of both sides, the proposed method enhances the effectiveness of the adversarial training process. To solve the Nash equilibrium of the mixed-strategy game, this thesis employs entropy mirror descent and simplifies the iteration of the mixed-strategy distribution through Stochastic Gradient Langevin Dynamics sampling method. The resulting algorithm is practical and suitable for actual model training. Empirical evaluations conducted on the GLUE and ANLI benchmarks demonstrate that the MSAT algorithm effectively improves the generalization and robustness of the fine-tuned models.

2. This thesis presents the Multi-Boosted Adversarial Training (MBAT) framework as a solution to combat multiple types of adversarial attacks on image classification models. The proposed framework leverages boosted adversarial examples combined with a range of adversarial images to train the model. This approach enhances the model’s ability to distinguish between critical pixel information and adversarial information, ultimately leading to greater robustness. Furthermore, the framework incorporates parameter regularization to prevent aggressive parameter updates during adversarial training. Experimental evaluations performed on the MNIST and CIFAR10 datasets confirm the efficacy of the MBAT framework. The model demonstrates superior defensive capabilities against various types of adversarial attacks and exhibits a decreased likelihood of losing accuracy on clean examples.

The research findings presented in this thesis offer compelling theoretical and practical support for the utilization of adversarial training within the context of deep learning. It is anticipated that these results will yield significant advancements in the fields of computer vision and natural language processing.
Keywords/Search Tags:Adversarial training, Deep learning, Adversarial attack, Mixed-strategy game, Boosted adversarial example
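
The abstract's first contribution treats adversarial training as a mixed-strategy game solved with entropy mirror descent. The sketch below is an added illustration, not the thesis's MSAT algorithm: it runs entropy mirror descent on a small constructed zero-sum payoff matrix (function names and the matrix are assumptions, and the Langevin sampling step is omitted) to show how a mixed model strategy lowers the worst-case loss compared with any single pure strategy.

```python
import math

# Constructed toy payoff: A[i][j] = loss of model strategy i under perturbation j.
A = [[0.2, 0.9, 0.6],
     [0.8, 0.3, 0.7],
     [0.7, 0.6, 0.1]]

def normalize(w):
    s = sum(w)
    return [v / s for v in w]

def entropy_mirror_descent(A, steps=5000):
    """Return time-averaged mixed strategies (model, perturbation)."""
    n, m = len(A), len(A[0])
    eta = math.sqrt(8 * math.log(max(n, m)) / steps)  # standard step size for losses in [0, 1]
    x, y = [1 / n] * n, [1 / m] * m
    x_avg, y_avg = [0.0] * n, [0.0] * m
    for _ in range(steps):
        x_avg = [a + p / steps for a, p in zip(x_avg, x)]
        y_avg = [a + q / steps for a, q in zip(y_avg, y)]
        loss_x = [sum(A[i][j] * y[j] for j in range(m)) for i in range(n)]
        gain_y = [sum(A[i][j] * x[i] for i in range(n)) for j in range(m)]
        # A mirror step under the entropy regularizer is a multiplicative
        # update followed by renormalization onto the probability simplex.
        x = normalize([p * math.exp(-eta * l) for p, l in zip(x, loss_x)])  # model minimizes
        y = normalize([q * math.exp(eta * g) for q, g in zip(y, gain_y)])   # perturbation maximizes
    return x_avg, y_avg

def worst_case_loss(A, x):
    """Loss of model mix x against the strongest single perturbation."""
    return max(sum(A[i][j] * x[i] for i in range(len(A))) for j in range(len(A[0])))

def best_case_loss(A, y):
    """Loss under perturbation mix y when the model best-responds."""
    return min(sum(A[i][j] * y[j] for j in range(len(y))) for i in range(len(A)))

def duality_gap(A, x, y):
    """Zero exactly at a Nash equilibrium; small means near-equilibrium."""
    return worst_case_loss(A, x) - best_case_loss(A, y)

def pure_minimax(A):
    """Best worst-case loss when the model is restricted to one pure strategy."""
    return min(max(row) for row in A)

if __name__ == "__main__":
    x, y = entropy_mirror_descent(A)
    print("model mix:", [round(v, 3) for v in x])
    print("perturbation mix:", [round(v, 3) for v in y])
    print("duality gap:", round(duality_gap(A, x, y), 4))
    print("worst case, mixed vs pure:", round(worst_case_loss(A, x), 3), pure_minimax(A))
```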