Maximum-Entropy Adversarial Data Augmentation for Improved Generalization and Robustness
About
Adversarial data augmentation has shown promise for training robust deep neural networks against unforeseen data shifts or corruptions. However, it is difficult to define heuristics to generate effective fictitious target distributions containing "hard" adversarial perturbations that are largely different from the source distribution. In this paper, we propose a novel and effective regularization term for adversarial data augmentation. We theoretically derive it from the information bottleneck principle, which results in a maximum-entropy formulation. Intuitively, this regularization term encourages perturbing the underlying source distribution to enlarge predictive uncertainty of the current model, so that the generated "hard" adversarial perturbations can improve the model robustness during training. Experimental results on three standard benchmarks demonstrate that our method consistently outperforms the existing state of the art by a statistically significant margin.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Image Classification | CIFAR-100 (test) | Accuracy77.1 | 3518 | |
| Image Classification | CIFAR-10 (test) | Accuracy95.6 | 3381 | |
| Image Classification | TinyImageNet (test) | Accuracy66.9 | 366 | |
| Image Classification | SVHN (test) | Accuracy97.4 | 362 | |
| Image Classification | PACS (test) | Average Accuracy82.1 | 254 | |
| Image Classification | PACS | Overall Average Accuracy82.1 | 230 | |
| Domain Generalization | PACS (test) | Average Accuracy82.1 | 225 | |
| Domain Generalization | PACS (leave-one-domain-out) | Art Accuracy78.61 | 146 | |
| Classification | DIGITS (test) | Accuracy (SVHN)42.56 | 49 | |
| Domain Generalization | CIFAR-100-C | Accuracy57.3 | 36 |