Robust Single-Step Adversarial Training with Regularizer

High cost of training time caused by multi-step adversarial example generation is a major challenge in training. Previous methods try to reduce the computational burden using single-step schemes, which can effectively improve efficiency but also introduce problem “catastrophic overfitting”, where robust accuracy against Fast Gradient Sign Method (FGSM) achieve nearby 100% whereas Projected Descent (PGD) suddenly drops 0% over single epoch. To address this issue, we focus on scheme paper and propose novel with PGD Regularization (FGSMPR) boost without catastrophic overfitting. Our core observation that not simultaneously learn internal representations FGSM examples. Therefore, design regularization term encourage similar embeddings The experiments demonstrate our proposed method train deep network for \(L_{\infty }\)-perturbations gap