Adversarial Robustness Via Attention Transfer

Deep neural networks are known to be vulnerable to adversarial attacks. The empirical analysis in our study suggests that attacks tend to induce diverse network architectures to shift the attention to irrel-evant regions. Motivated by this observation, we propose a regularization technique which enforces the attentions to be well aligned via the knowledge transfer mechanism, thereby encouraging the robustness. Resultant model exhibits unprecedented robustness, securing 63.81 % adversarial accuracy where the prior art is 51.59 % on CIFAR-10 dataset under PGD attacks. In addition, we go beyond performance to analyti-cally investigate the proposed method as an effective def ense. Significantly flattened loss landscape can be observed, demonstrating the promise of the proposed method for improving robustness and thus the deployment in security-sensitive settings.(c) 2021 Elsevier B.V. All rights reserved.