Adversarial data augmentation has shown promise for training robust deep neural networks against unforeseen data shifts or corruptions. However, it is difficult to define heuristics to generate effective fictitious target distributions containing "hard" adversarial perturbations that are largely different from the source distribution. In this paper, we propose a novel and effective regularization term for adversarial data augmentation. We theoretically derive it from the information bottleneck principle, which results in a maximum-entropy formulation. Intuitively, this regularization term encourages perturbing the underlying source distribution to enlarge predictive uncertainty of the current model, so that the generated "hard" adversarial perturbations can improve the model robustness during training. Experimental results on three standard benchmarks demonstrate that our method consistently outperforms the existing state of the art by a statistically significant margin.

本文提出了基于信息瓶颈原理的最大熵正则化方法用于敌对数据增强, 通过扩大模型预测不确定性来产生“难”的敌对扰动, 提升模型鲁棒性, 并在三个基准测试中实现了比现有技术显著的优越性能。

用最大熵对抗数据增强来提高泛化能力和鲁棒性