Improving Adversarial Robustness with Self-Paced Hard-Class Pair Reweighting

Deep Neural Networks are vulnerable to adversarial attacks. Among many defense strategies, training with untargeted attacks is one of the most effective methods. Theoretically, perturbation in can be added along arbitrary directions and predicted labels should unpredictable. However, we find that naturally imbalanced inter-class semantic similarity makes those hard-class pairs become virtual targets each other. This study investigates impact such closely-coupled classes on develops a self-paced reweighting strategy accordingly. Specifically, propose upweight pair losses model optimization, which prompts learning discriminative features from hard classes. We further incorporate term quantify consistency training, greatly boosts robustness. Extensive experiments show proposed method achieves superior robustness performance over state-of-the-art defenses against wide range The code SPAT published at https://github.com/puerrrr/Self-Paced-Adversarial-Training.