Chaofei Li, Ziyuan Zhu, Ruicheng Niu, Tao Leng, Dan Meng
Due to the security implications of adversarial vulnerability, it is essential to enhance the adversarial robustness of deep metric learning models. Existing defense approaches adopt Projected Gradient Descent (PGD) with handcrafted, fixed attack strategies to generate adversarial triplets. They learn inefficiently from a weak adversary in order to avoid the model collapse caused by extremely challenging adversarial triplets, thereby limiting the robustness of the deep metric model. In this paper, we propose a novel Adaptive Adversarial Strategy (AAS) for deep metric learning that automatically learns to produce attack strategies for adversarial triplet generation of varying difficulties. We use a classical actor-critic network in the AAS framework, in which the actor network produces attack strategies to control adversarial triplet generation and the critic network utilizes adversarial triplets to enhance adversarial robustness. Comprehensive experimental results on two benchmark datasets indicate that our proposed adaptive adversarial strategy for deep metric learning overwhelmingly outperforms the most advanced defenses in terms of robustness as well as performance on benign triplets.