Adversarial training (AT) is one of the most effective defenses against adversarial attacks for deep learning models. In this work, we advocate incorporating the hypersphere embedding (HE) mechanism into the AT procedure by regularizing the features onto compact manifolds, which constitutes a lightweight yet effective module to blend in the strength of representation learning. Our extensive analyses reveal that AT and HE are well coupled to benefit the robustness of the adversarially trained models from several aspects. We validate the effectiveness and adaptability of HE by embedding it into the popular AT frameworks including PGD-AT, ALP, and TRADES, as well as the FreeAT and FastAT strategies. In the experiments, we evaluate our methods under a wide range of adversarial attacks on the CIFAR-10 and ImageNet datasets, which verifies that integrating HE can consistently enhance the model robustness for each AT framework with little extra computation.
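As an added illustration (not code from the paper or its authors), the sketch below shows what constraining features to a hypersphere does to a classifier's loss: with features and class weights L2-normalised, a perturbation that only rescales the feature norm no longer moves the loss, so only angular changes matter. The scaled-cosine head, the additive cosine margin, the values `scale=15.0` and `margin=0.2`, and the toy data are all assumptions made for this example, since the abstract does not spell out the construction.

```python
import math

def l2_normalize(v, eps=1e-12):
    norm = math.sqrt(sum(x * x for x in v))
    return [x / (norm + eps) for x in v]

def plain_logits(feature, weights):
    # Ordinary linear head: logits grow with the feature norm.
    return [sum(a * b for a, b in zip(feature, w)) for w in weights]

def he_logits(feature, weights, label=None, scale=15.0, margin=0.0):
    # Hypersphere head: features and class weights are projected onto the unit
    # sphere, so without a margin each logit is scale * cos(angle), in [-scale, scale].
    # Assumption: an additive cosine margin is subtracted on the true class only.
    f = l2_normalize(feature)
    logits = []
    for k, w in enumerate(weights):
        cos = sum(a * b for a, b in zip(f, l2_normalize(w)))
        if k == label:
            cos -= margin
        logits.append(scale * cos)
    return logits

def cross_entropy(logits, label):
    top = max(logits)  # subtract the max for numerical stability
    log_sum = top + math.log(sum(math.exp(z - top) for z in logits))
    return log_sum - logits[label]

# Constructed toy data: 2-D feature, two class weight vectors, true class 0.
WEIGHTS = [[1.0, 0.0], [0.0, 1.0]]
FEATURE = [2.0, 1.0]
LABEL = 0

def radial_effect(factor):
    # Loss change when a perturbation only rescales the feature norm.
    scaled = [factor * x for x in FEATURE]
    plain = (cross_entropy(plain_logits(scaled, WEIGHTS), LABEL)
             - cross_entropy(plain_logits(FEATURE, WEIGHTS), LABEL))
    he = (cross_entropy(he_logits(scaled, WEIGHTS), LABEL)
          - cross_entropy(he_logits(FEATURE, WEIGHTS), LABEL))
    return plain, he

if __name__ == "__main__":
    print("norm shrink x0.1, loss change (plain, HE):", radial_effect(0.1))
    for m in (0.0, 0.2):
        loss = cross_entropy(he_logits(FEATURE, WEIGHTS, LABEL, margin=m), LABEL)
        print(f"HE loss with margin {m}: {loss:.4f}")
```

In an AT loop, a head like `he_logits` would replace the final linear layer in both the attack step and the training step; the margin applies to the training loss only.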