Adversarial Robustness against Multiple and Single $l_p$-Threat Models via Quick Fine-Tuning of Robust Classifiers. (arXiv:2105.12508v2 [cs.LG] UPDATED)

A major drawback of adversarially robust models, in particular for large
scale datasets like ImageNet, is the extremely long training time compared to
standard ones. Moreover, models should be robust not only to one $l_p$-threat
model but ideally to all of them. In this paper we propose Extreme norm
Adversarial Training (E-AT) for multiple-norm robustness which is based on
geometric properties of $l_p$-balls. E-AT costs up to three times less than
other adversarial training methods for multiple-norm robustness. Using E-AT …

adversarial lg robustness single threat threat models