Powerful & Generalizable, Why not both? VA: Various Attacks Framework for Robust Adversarial Training
Samer Khamaiseh, Deirdre Jost, Abdullah Al-Alaj, Ahmed Aleroud
2025
Abstract
Due to its effectiveness, adversarial training (AT) is becoming the first choice to improve the robustness of deep learning models against adversarial attacks. AT is formulated as a min-max optimization problem. The performance of AT is essentially reliant on the inner optimization problem (i.e., max optimization), which requires the generation of adversarial examples. Most AT methods rely on a single attack to craft these examples, neglecting the impact of image-class robustness on the adversarial training. This oversight led to shortcomings such as poor generalization on both perturbed and clean data, unreliable robustness against unseen adversarial attacks, and limited exploration of the perturbation space. Therefore, an investigation and analysis of AT robustness via adapting various attacks based on image-class robustness is still unaddressed. In this paper, we propose Various Attacks (VA), a novel framework for a robust and generalizable adversarial training based on image-class robustness. Our framework introduces two novel components: Advanced Curriculum Training (ACT), which ensures the diversity of adversarial attacks by gradually increasing attack strength while rotating through these attacks, and Class-Attack Assignment (CAA), which adaptively determines and assigns the optimal adversarial attack to each image-class to maximize the loss. The proposed framework trains image classification neural networks using a variety of adversarial attacks that significantly improve the generalization robustness. The results of experiments on two benchmark datasets show the superiority of the VA framework over state-of-the-art adversarial training methods.
Paper Citation
in Harvard Style
Khamaiseh S., Jost D., Al-Alaj A. and Aleroud A. (2025). Powerful & Generalizable, Why not both? VA: Various Attacks Framework for Robust Adversarial Training. In Proceedings of the 17th International Conference on Agents and Artificial Intelligence - Volume 2: ICAART; ISBN 978-989-758-737-5, SciTePress, pages 228-239. DOI: 10.5220/0013146800003890
in Bibtex Style
@conference{icaart25,
author={Samer Khamaiseh and Deirdre Jost and Abdullah Al-Alaj and Ahmed Aleroud},
title={Powerful \& Generalizable, Why not both? VA: Various Attacks Framework for Robust Adversarial Training},
booktitle={Proceedings of the 17th International Conference on Agents and Artificial Intelligence - Volume 2: ICAART},
year={2025},
pages={228--239},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013146800003890},
isbn={978-989-758-737-5},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 17th International Conference on Agents and Artificial Intelligence - Volume 2: ICAART
TI - Powerful & Generalizable, Why not both? VA: Various Attacks Framework for Robust Adversarial Training
SN - 978-989-758-737-5
AU - Khamaiseh S.
AU - Jost D.
AU - Al-Alaj A.
AU - Aleroud A.
PY - 2025
SP - 228
EP - 239
DO - 10.5220/0013146800003890
PB - SciTePress