Adversarial training is one of the most effective methods for enhancing model robustness. Recent approaches incorporate adversarial distillation in adversarial training architectures. However, we notice two scenarios of defense methods that limit their performance: (1) Previous methods primarily use static ground truth for adversarial training, but this often causes robust overfitting; (2) The loss functions are either Mean Squared Error or KL-divergence leading to a sub-optimal performance on clean accuracy. To solve those problems, we propose a dynamic label adversarial training (DYNAT) algorithm that enables the target model to gradually and dynamically gain robustness from the guide model's decisions. Additionally, we found that a budgeted dimension of inner optimization for the target model may contribute to the trade-off between clean accuracy and robust accuracy. Therefore, we propose a novel inner optimization method to be incorporated into the adversarial training. This will enable the target model to adaptively search for adversarial examples based on dynamic labels from the guiding model, contributing to the robustness of the target model. Extensive experiments validate the superior performance of our approach.

本研究针对对抗训练中静态真值导致的鲁棒性过拟合和损失函数选择不当的问题，提出了一种动态标签对抗训练(DYNAT)算法。这一新方法通过动态决策增强目标模型的鲁棒性，与引导模型的动态标签结合，使目标模型能够更有效地寻找对抗实例，从而显著提高了模型在干净数据上的准确性和鲁棒准确性。

针对对抗攻击的深度学习鲁棒性动态标签对抗训练