Improving Adversarial Robustness With Adversarial Augmentations

Chuanxi Chen, Dengpan Ye, Yiheng He, Long Tang, Yue Xu

IEEE INTERNET OF THINGS JOURNAL (2024)

Abstract
Deep neural network (DNN)-based applications are being extensively researched and deployed on Internet of Things (IoT) devices in daily life because of their impressive performance. Adversarial attacks have emerged as a significant threat to the security of DNNs, and adversarial training has become a promising and effective defense against such attacks. However, existing adversarial training methods have shown limited success against attacks unseen during training, which undermines their effectiveness. In addition, generating adversarial perturbations for adversarial training requires massive amounts of expensive labeled data, a critical obstacle for robust DNN-based IoT applications. In this article, we first explore effective data augmentations by implementing adversarial attacks in the latent space in a self-supervised manner. We then propose new loss functions that avoid the collapse phenomenon of contrastive learning (CL) by measuring the distances between adversarially augmented pairs. Based on the adversarial features extracted by self-supervised CL, we propose a novel adversarial robust learning (ARL) method that performs adversarial training without any labels and yields a more general robust encoder network. Our approach is validated on commonly used benchmark data sets and models, where it achieves adversarial robustness against different adversarial attacks comparable to that of supervised adversarial training methods. Additionally, ARL outperforms state-of-the-art self-supervised adversarial learning techniques, achieving higher robustness and clean prediction accuracy on the downstream classification task.
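The abstract describes two ideas: generating adversarial augmentations by attacking in the latent space without labels, and a pair-distance based contrastive loss that does not collapse. The following is an added toy illustration of both, written for this page; it is not the authors' code and does not reproduce their loss functions. It assumes a hypothetical encoder (a fixed random linear map followed by L2 normalization), an L-inf budget `EPS` with PGD hyperparameters `STEPS`/`STEP_SIZE`, and an assumed loss of the form alignment plus uniformity (the uniformity term of Wang and Isola, 2020) so that a collapsed encoder is scored worse than a spread one. Inputs are constructed random data, not a benchmark data set.

```python
"""Latent-space adversarial augmentation and a collapse-aware contrastive loss.

Added illustrative example, not the paper's code. Encoder, loss form and all
hyperparameters below are assumptions chosen to make the idea runnable.
"""
import numpy as np

EPS = 0.1         # L-inf budget for the latent-space perturbation (assumed)
STEPS = 5         # PGD iterations (assumed)
STEP_SIZE = 0.03  # PGD step size (assumed)
T = 2.0           # temperature of the uniformity term (assumed)


def l2_normalize(z):
    return z / np.linalg.norm(z, axis=-1, keepdims=True)


def encode(x, w):
    """Toy encoder: linear projection, then projection onto the unit sphere."""
    return l2_normalize(x @ w)


def latent_pgd(z_anchor, z_view, eps=EPS, steps=STEPS, step_size=STEP_SIZE):
    """Self-supervised attack in latent space: push z_view away from its own anchor.

    No labels are needed; the objective is the squared distance between the two
    views of the same sample. d/d(delta) ||z_a - (z_v + delta)||^2 = 2 (z_v + delta - z_a),
    so sign-gradient ascent is analytic here.
    """
    delta = np.zeros_like(z_view)
    for _ in range(steps):
        grad = 2.0 * (z_view + delta - z_anchor)
        delta = delta + step_size * np.sign(grad)
        delta = np.clip(delta, -eps, eps)      # project back onto the L-inf ball
    return l2_normalize(z_view + delta)         # keep the adversarial view on the sphere


def alignment_loss(z1, z2):
    """Mean squared distance between positive (adversarially augmented) pairs."""
    return float(np.mean(np.sum((z1 - z2) ** 2, axis=1)))


def uniformity_loss(z, t=T):
    """log E[exp(-t ||zi - zj||^2)] over distinct pairs.

    Equals 0 when every embedding is identical (collapse) and is negative when
    embeddings are spread out, so it cannot be minimized by collapsing.
    """
    n = z.shape[0]
    sq = np.sum((z[:, None, :] - z[None, :, :]) ** 2, axis=-1)
    iu = np.triu_indices(n, k=1)
    return float(np.log(np.mean(np.exp(-t * sq[iu]))))


def contrastive_loss(z1, z2):
    """Assumed collapse-aware loss: pull pairs together, keep the batch spread."""
    return alignment_loss(z1, z2) + uniformity_loss(np.concatenate([z1, z2]))


def demo(seed=0, n=64, d_in=32, d_out=16):
    """Constructed data: compare clean vs adversarial pair distances and a
    spread encoder vs a collapsed one under the same loss."""
    rng = np.random.default_rng(seed)
    x = rng.normal(size=(n, d_in))
    view = x + 0.05 * rng.normal(size=x.shape)          # benign augmentation: small noise
    w = rng.normal(size=(d_in, d_out)) / np.sqrt(d_in)  # fixed toy encoder weights
    z1, z2 = encode(x, w), encode(view, w)
    z2_adv = latent_pgd(z1, z2)
    # A collapsed encoder maps every input to the same point on the sphere.
    collapsed = np.tile(l2_normalize(rng.normal(size=(1, d_out))), (n, 1))
    return {
        "pair_dist_clean": alignment_loss(z1, z2),
        "pair_dist_adv": alignment_loss(z1, z2_adv),
        "loss_spread": contrastive_loss(z1, z2_adv),
        "loss_collapsed": contrastive_loss(collapsed, collapsed),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v:.4f}")
```

The check a practitioner wants is the last two numbers: a collapsed encoder drives the pair distance to zero, so a loss built only on pair distances would reward it, while the uniformity term scores the collapsed batch at exactly 0 and the spread batch below it. The attack loop also shows why the latent-space formulation needs no labels: the adversary only needs the anchor embedding of the same sample.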
Keywords
Training, Robustness, Internet of Things, Security, Perturbation methods, Feature extraction, Data augmentation, Adversarial robustness, augmentations, contrastive learning (CL), deep neural networks (DNNs), Internet of Things (IoT) security