LLC Dynamics in Adversarial Training

Analyzing how adversarial training affects the Local Learning Coefficient and exploring its relationship with adversarial robustness

Type: Applied
Difficulty: Hard
Status: Unstarted

This project aims to investigate how adversarial training affects the Local Learning Coefficient (LLC) of models and explore the relationship between LLC dynamics and adversarial robustness. We’ll also examine whether LLC can be used to detect adversarial examples or predict adversarial robustness.

Key research questions:

  1. How does adversarial training affect the LLC trajectory compared to standard training?
  2. Can LLC dynamics predict a model’s adversarial robustness?
  3. Is there a relationship between LLC and the model’s ability to detect adversarial examples?
  4. Can LLC analysis provide insights into the trade-offs between standard accuracy and adversarial robustness?

Methodology:

  1. Implement standard adversarial training techniques (e.g., PGD, FGSM) for image classification models.
  2. Train models with various degrees of adversarial training, tracking LLC throughout the process.
  3. Analyze LLC trajectories in relation to both standard and adversarial test accuracy.
  4. Investigate how LLC behaves when the model is exposed to adversarial examples during inference.
  5. Explore the use of LLC for detecting adversarial examples.
  6. Compare LLC dynamics across different adversarial training methods and attack types.
  7. Analyze how LLC changes in different layers of the network during adversarial training.
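
A starting point for steps 1 to 3, as an added example that is not code from this project: FGSM adversarial training of a 2-D linear logistic classifier on constructed data, followed by an LLC estimate at the trained weights for several perturbation budgets. It assumes the estimator λ̂ = nβ(E[L_n(w)] − L_n(w*)) with β = 1/log n, sampled by full-batch localized Langevin dynamics; all function names and hyperparameters are hypothetical choices.

```python
import math, random

def fgsm(w, X, y, eps):
    # For a linear logit w.x the L-inf FGSM step is closed-form: x - eps*y*sign(w).
    return [[xi - yi * math.copysign(eps, wi) for xi, wi in zip(x, w)] for x, yi in zip(X, y)]

def loss_grad(w, X, y):
    # Mean logistic loss log(1 + exp(-y w.x)) and its gradient with respect to w.
    n, loss, g = len(X), 0.0, [0.0] * len(w)
    for x, yi in zip(X, y):
        m = yi * sum(wi * xi for wi, xi in zip(w, x))
        s = max(-m, 0.0) + math.log1p(math.exp(-abs(m)))  # stable softplus(-m)
        p = math.exp(-(m + s))                            # sigmoid(-m)
        loss += s / n
        g = [gi - p * yi * xi / n for gi, xi in zip(g, x)]
    return loss, g

def adv_train(X, y, eps, steps=300, lr=0.5):
    # Gradient descent on the loss of FGSM examples regenerated at every step.
    w = [0.0] * len(X[0])
    for _ in range(steps):
        _, g = loss_grad(w, fgsm(w, X, y, eps), y)
        w = [wi - lr * gi for wi, gi in zip(w, g)]
    return w

def estimate_llc(w_star, X, y, eps, steps=1500, burn=500, step=0.01, gamma=1.0, seed=0):
    # Langevin chain on n*beta*L(w) + (gamma/2)|w - w*|^2, started at w*; L is the adversarial loss.
    rng, n = random.Random(seed), len(X)
    nbeta = n / math.log(n)
    l_star, _ = loss_grad(w_star, fgsm(w_star, X, y, eps), y)
    w, acc = list(w_star), 0.0
    for t in range(steps):
        l, g = loss_grad(w, fgsm(w, X, y, eps), y)
        if t >= burn:
            acc += l - l_star
        noise = [rng.gauss(0.0, math.sqrt(step)) for _ in w]
        w = [wi - 0.5 * step * (nbeta * gi + gamma * (wi - ws)) + z
             for wi, gi, ws, z in zip(w, g, w_star, noise)]
    return nbeta * acc / (steps - burn)

def make_data(n=200, seed=1):
    # Constructed sample data: two overlapping Gaussian classes centred at +/-(1, 1).
    rng = random.Random(seed)
    y = [1 if i % 2 else -1 for i in range(n)]
    return [[yi + rng.gauss(0, 1), yi + rng.gauss(0, 1)] for yi in y], y

def llc_by_eps(eps_values=(0.0, 0.1, 0.3)):
    X, y = make_data()
    return {eps: estimate_llc(adv_train(X, y, eps), X, y, eps) for eps in eps_values}

if __name__ == "__main__": print(llc_by_eps())
```

For the image models named in step 1, the closed-form `fgsm` would be replaced by a gradient-based attack and the full-batch chain by minibatch SGLD; calling `estimate_llc` at saved checkpoints gives the trajectory asked for in step 2.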

Expected outcomes:

  1. Characterization of LLC dynamics in adversarially trained models.
  2. Insights into the relationship between LLC trajectories and adversarial robustness.
  3. Potential development of LLC-based metrics for predicting adversarial robustness or detecting adversarial examples.
  4. Better understanding of how adversarial training affects model complexity from a singular learning theory (SLT) perspective.
  5. Possible identification of critical phases in adversarial training, as reflected in LLC dynamics.

This research could provide new perspectives on adversarial robustness and potentially lead to novel techniques for improving the security of machine learning models.

Where to begin:

If you have decided to start working on this, please let us know in the Discord. We'll update this listing so that other people who are interested in this project can find you.