Abstract
Recent developments in neural architecture search (NAS) emphasize the significance of considering robust architectures against malicious data. However, there is a notable absence of benchmark evaluations and theoretical guarantees for searching these robust architectures, especially when adversarial training is considered. In this work, we aim to address these two challenges, making twofold contributions. First, we release a comprehensive data set that encompasses both clean accuracy and robust accuracy for a vast array of adversarially trained networks from the NAS-Bench-201 search space on image datasets. Then, leveraging the neural tangent kernel (NTK) tool from deep learning theory, we establish a generalization theory for searching architecture in terms of clean accuracy and robust accuracy under multi-objective adversarial training. We firmly believe that our benchmark and theoretical insights will significantly benefit the NAS community through reliable reproducibility, efficient assessment, and theoretical foundation, particularly in the pursuit of robust architectures.
Abstract (translated)
近年来,神经架构搜索(NAS)的发展强调了考虑恶意数据对健壮架构的重要性。然而,在考虑对抗性训练时,尤其是在 NAS-Bench-201 搜索空间上,目前缺乏针对这些健壮架构的基准评估和理论保证。在这项工作中,我们旨在解决这两个挑战,做出双重的贡献。我们发布了涵盖 NAS-Bench-201 搜索空间中大量对抗性训练网络的完整数据集,这些网络在图像数据集上的准确性和健壮性都得到了评估。然后,利用深度学习理论中的神经凸度核(NTK)工具,我们在多目标对抗性训练下建立了关于清洁准确性和健壮准确性的通用搜索理论。我们坚信,通过可靠的重复性和高效的评估,以及理论基础,我们的基准和理论见解将显著有益于 NAS 社区,特别是在追求健壮架构方面。
URL
https://arxiv.org/abs/2403.13134
