NeurIPS 2022

Timezone: »

Poster

When Adversarial Training Meets Vision Transformers: Recipes from Training to Architecture

Yichuan Mo · Dongxian Wu · Yifei Wang · Yiwen Guo · Yisen Wang

Vision Transformers (ViTs) have recently achieved competitive performance in broad vision tasks. Unfortunately, on popular threat models, naturally trained ViTs are shown to provide no more adversarial robustness than convolutional neural networks (CNNs). Adversarial training is still required for ViTs to defend against such adversarial attacks. In this paper, we provide the first and comprehensive study on the adversarial training recipe of ViTs via extensive evaluation of various training techniques across benchmark datasets. We find that pre-training and SGD optimizer are necessary for ViTs' adversarial training. Further considering ViT as a new type of model architecture, we investigate its adversarial robustness from the perspective of its unique architectural components. We find, when randomly masking gradients from some attention blocks or masking perturbations on some patches during adversarial training, the adversarial robustness of ViTs can be remarkably improved, which may potentially open up a line of work to explore the architectural information inside the newly designed models like ViTs. Our code is available at https://github.com/mo666666/When-Adversarial-Training-Meets-Vision-Transformers.

Keywords: adversarial training · robustness · Vision transformer

[ Paper] [ Poster] [ OpenReview]

Author Information

Yichuan Mo (Peking University)

Dongxian Wu (University of Tokyo)

Yifei Wang (Peking University)

Yiwen Guo (ByteDance AI Lab)

Yisen Wang (Peking University)

More from the Same Authors

2021 Spotlight: Robust and Fully-Dynamic Coreset for Continuous-and-Bounded Learning (With Outliers) Problems »
Zixiu Wang · Yiwen Guo · Hu Ding
2022 Poster: Improving Out-of-Distribution Generalization by Adversarial Training with Structured Priors »
Qixun Wang · Yifei Wang · Hong Zhu · Yisen Wang
2022 Poster: Improving Generative Adversarial Networks via Adversarial Learning in Latent Space »
Yang Li · Yichuan Mo · Liangliang Shi · Junchi Yan
2023 Poster: Balance, Imbalance, and Rebalance: Understanding Robust Overfitting from a Minimax Game Perspective »
Yifei Wang · Liangchen Li · Jiansheng Yang · Zhouchen Lin · Yisen Wang
2023 Poster: Adversarial Examples Are Not Real Features »
Ang Li · Yifei Wang · Yiwen Guo · Yisen Wang
2023 Poster: Improving Adversarial Transferability via Intermediate-level Perturbation Decay »
Qizhang Li · Yiwen Guo · Wangmeng Zuo · Hao Chen
2023 Poster: Towards Evaluating Transfer-based Attacks Systematically, Practically, and Fairly »
Qizhang Li · Yiwen Guo · Wangmeng Zuo · Hao Chen
2023 Poster: GEQ: Gaussian Kernel Inspired Equilibrium Models »
Mingjie Li · Yisen Wang · Zhouchen Lin
2023 Poster: Architecture Matters: Uncovering Implicit Mechanisms in Graph Contrastive Learning »
Xiaojun Guo · Yifei Wang · Zeming Wei · Yisen Wang
2023 Poster: Tri-contrastive Learning: Identifiable Representation Learning with Automatic Discovery of Feature Importance »
Qi Zhang · Yifei Wang · Yisen Wang
2023 Poster: Laplacian Canonization: A Minimalist Approach to Sign and Basis Invariant Spectral Embedding »
George Ma · Yifei Wang · Yisen Wang
2022 Spotlight: Lightning Talks 6A-2 »
Yichuan Mo · Botao Yu · Gang Li · Zezhong Xu · Haoran Wei · Arsene Fansi Tchango · Raef Bassily · Haoyu Lu · Qi Zhang · Songming Liu · Mingyu Ding · Peiling Lu · Yifei Wang · Xiang Li · Dongxian Wu · Ping Guo · Wen Zhang · Hao Zhongkai · Mehryar Mohri · Rishab Goel · Yisen Wang · Yifei Wang · Yangguang Zhu · Zhi Wen · Ananda Theertha Suresh · Chengyang Ying · Yujie Wang · Peng Ye · Rui Wang · Nanyi Fei · Hui Chen · Yiwen Guo · Wei Hu · Chenglong Liu · Julien Martel · Yuqi Huo · Wu Yichao · Hang Su · Yisen Wang · Peng Wang · Huajun Chen · Xu Tan · Jun Zhu · Ding Liang · Zhiwu Lu · Joumana Ghosn · Shanshan Zhang · Wei Ye · Ze Cheng · Shikun Zhang · Tao Qin · Tie-Yan Liu
2022 Spotlight: How Mask Matters: Towards Theoretical Understandings of Masked Autoencoders »
Qi Zhang · Yifei Wang · Yisen Wang
2022 Spotlight: When Adversarial Training Meets Vision Transformers: Recipes from Training to Architecture »
Yichuan Mo · Dongxian Wu · Yifei Wang · Yiwen Guo · Yisen Wang
2022 Spotlight: Lightning Talks 5A-2 »
Qiang LI · Zhiwei Xu · Jia-Qi Yang · Thai Hung Le · Haoxuan Qu · Yang Li · Artyom Sorokin · Peirong Zhang · Mira Finkelstein · Nitsan levy · Chung-Yiu Yau · dapeng li · Thommen Karimpanal George · De-Chuan Zhan · Nazar Buzun · Jiajia Jiang · Li Xu · Yichuan Mo · Yujun Cai · Yuliang Liu · Leonid Pugachev · Bin Zhang · Lucy Liu · Hoi-To Wai · Liangliang Shi · Majid Abdolshah · Yoav Kolumbus · Lin Geng Foo · Junchi Yan · Mikhail Burtsev · Lianwen Jin · Yuan Zhan · Dung Nguyen · David Parkes · Yunpeng Baiia · Jun Liu · Kien Do · Guoliang Fan · Jeffrey S Rosenschein · Sunil Gupta · Sarah Keren · Svetha Venkatesh
2022 Spotlight: Improving Generative Adversarial Networks via Adversarial Learning in Latent Space »
Yang Li · Yichuan Mo · Liangliang Shi · Junchi Yan
2022 Spotlight: Lightning Talks 1B-3 »
Chaofei Wang · Qixun Wang · Jing Xu · Long-Kai Huang · Xi Weng · Fei Ye · Harsh Rangwani · shrinivas ramasubramanian · Yifei Wang · Qisen Yang · Xu Luo · Lei Huang · Adrian G. Bors · Ying Wei · Xinglin Pan · Sho Takemori · Hong Zhu · Rui Huang · Lei Zhao · Yisen Wang · Kato Takashi · Shiji Song · Yanan Li · Rao Anwer · Yuhei Umeda · Salman Khan · Gao Huang · Wenjie Pei · Fahad Shahbaz Khan · Venkatesh Babu R · Zenglin Xu
2022 Spotlight: Improving Out-of-Distribution Generalization by Adversarial Training with Structured Priors »
Qixun Wang · Yifei Wang · Hong Zhu · Yisen Wang
2022 Poster: How Mask Matters: Towards Theoretical Understandings of Masked Autoencoders »
Qi Zhang · Yifei Wang · Yisen Wang
2021 Poster: Dissecting the Diffusion Process in Linear Graph Convolutional Networks »
Yifei Wang · Yisen Wang · Jiansheng Yang · Zhouchen Lin
2021 Poster: Adversarial Neuron Pruning Purifies Backdoored Deep Models »
Dongxian Wu · Yisen Wang
2021 Poster: Robust and Fully-Dynamic Coreset for Continuous-and-Bounded Learning (With Outliers) Problems »
Zixiu Wang · Yiwen Guo · Hu Ding
2021 Poster: Residual Relaxation for Multi-view Representation Learning »
Yifei Wang · Zhengyang Geng · Feng Jiang · Chuming Li · Yisen Wang · Jiansheng Yang · Zhouchen Lin
2020 Poster: Backpropagating Linearly Improves Transferability of Adversarial Examples »
Yiwen Guo · Qizhang Li · Hao Chen
2020 Poster: Adversarial Weight Perturbation Helps Robust Generalization »
Dongxian Wu · Shu-Tao Xia · Yisen Wang
2020 Poster: Practical No-box Adversarial Attacks against DNNs »
Qizhang Li · Yiwen Guo · Hao Chen
2019 Poster: DATA: Differentiable ArchiTecture Approximation »
Jianlong Chang · xinbang zhang · Yiwen Guo · GAOFENG MENG · SHIMING XIANG · Chunhong Pan
2019 Poster: Subspace Attack: Exploiting Promising Subspaces for Query-Efficient Black-box Attacks »
Yiwen Guo · Ziang Yan · Changshui Zhang