KejiaZhang-Robust
commented
4 days ago Thank you for your kind words! I’m really glad you’re finding the repository helpful. 😊
Regarding your concern about clean accuracy during adversarial training, here are a few suggestions that might help strike a better balance between clean and robust accuracy:
- Initialize with a naturally trained checkpoint: Starting adversarial training from weights obtained via standard (non-adversarial) training can often preserve clean accuracy to a greater extent. This approach has proven particularly effective for models like ViTs.
- Label smoothing: You can enable label smoothing in this project by adjusting the relevant parameters in the .yml configuration file. This technique can help reduce overfitting to adversarial samples, which may indirectly improve clean accuracy.
- Fine-tuning a naturally trained checkpoint: Instead of full adversarial training from scratch, fine-tuning a pre-trained natural model with adversarial training tends to improve robustness while minimizing the drop in clean accuracy. This works as a trade-off, so fine-tuning allows more control over this balance.
Let me know if you need further clarification or assistance with implementation details—I’d be happy to help!
Phd-man
First off, I just want to say thank you for your amazing work on this repository! I've been learning a lot from it.
I’ve noticed that no matter which method of adversarial training I use, the clean accuracy tends to be lower compared to non-adversarial scenarios. Since my project requires high clean accuracy, I was wondering if you have any tips or techniques for improving this, or if there are specific hyperparameters I should focus on tuning.