In this work, we consider model robustness of deep neural networks against adversarial attacks from a global manifold perspective. Leveraging both the local and global latent information, we propose a novel adversarial training method through robust optimization, and a tractable way to generate Latent Manifold Adversarial Examples (LMAEs) via an adversarial game between a discriminator and a classifier. The proposed adversarial training with latent distribution (ATLD) method defends against adversarial attacks by crafting LMAEs with the latent manifold in an unsupervised manner. ATLD preserves the local and global information of latent manifold and promises improved robustness against adversarial attacks. To verify the effectiveness of our proposed method, we conduct extensive experiments over different datasets (e.g., CIFAR-10, CIFAR-100, SVHN) with different adversarial attacks (e.g., PGD, CW), and show that our method substantially outperforms the state-of-the-art (e.g., Feature Scattering) in adversarial robustness by a large accuracy margin. The source codes are available at https://github.com/LitterQ/ATLD-pytorch.

通过全局流形的视角考虑深度神经网络对抗攻击的模型鲁棒性问题，提出了一种新的对抗训练方法ATLD，该方法在不受监督的情况下，利用了本地和全局潜在信息，通过对抗游戏生成潜在流形对抗性实例，保留了流形的局部和全局信息，具有良好的鲁棒性，实验结果表明该方法在多个数据集上显著优于现有技术。

通过局部和全局潜在分布提高模型的鲁棒性