Kaggleで使用される敵対学習方法AWPの論文解説と実装解説 ~Adversarial Weight Perturbation Helps Robust Generalization~

Transcript

1. .BTBLJ
   "PUB
   /JLLFJ
   JOD
   
   ೔ܦ৽ฉ
   
   ཱڭେֶ
   ߹ಉਂ૚ֶशษڧձ
   !
   ୍ݚڀࣨ
   
   ,BHHMFͰ࢖༻͞ΕΔ 
 ఢରֶशํ๏
   "81
   ͷ 
 ࿦จղઆͱ࣮૷ղઆ "EWFSTBSJBM
   8FJHIU
   1FSUVSCBUJPO
   )FMQT
   3PCVTU
   (FOFSBMJ[BUJPO 

   ؔ࿈ϦϯΫ
   BS9JW
   /FVS*14
   (JU)VC
   ,BHHMF൛

2. ࣗݾ঺հ ੨ా
   խً
   .BTBLJ
   "PUB  w ೔ຊܦࡁ৽ฉࣾ
   ೔ܦΠϊϕʔγϣϯɾϥϘ
   ݚڀ։ൃ෦ୂ
   w ࢴ໘ϏϡʔΞʔͷ0$3Τϯδϯ։ൃ
   

   w ΩϟογϡϑϩʔγϛϡϨʔγϣϯͳͲͷࣄۀධՁ
   ͳͲ
   w εΩϧ
   w "U$PEFSਫ৭
   ,BHHMF
   &YQFSU
   w ࢿ֨౳
   Ԡ༻৘ใɺ฽هڃɺ'1ڃ

3. ໨࣍   ఢରతࣄྫͷ঺հ
   ͓࿩͚ͩ
   w "EWFSTBSJBM
   &YBNQMFʹؔ͢Δࣄલ஌ࣝΛಋೖ
    ࿦จղઆ
   

   ਺͕ࣜొ৔
   w "EWFSTBSJBM
   8FJHIU
   1FSUVSCBUJPO 
 )FMQT
   3PCVTU
   (FOFSBMJ[BUJPO
    ࣮૷ղઆ
   ࣮૷͕ొ৔
   w ,BHHMFͰ༻͍ΒΕΔ࣮૷Λ࿦จͷ਺ࣜͱରԠͤͯ͞ղઆ

4. ໨࣍   ఢରతࣄྫͷ঺հ
   ͓࿩͚ͩ
   w "EWFSTBSJBM
   &YBNQMFʹؔ͢Δࣄલ஌ࣝΛಋೖ
    ࿦จղઆ
   

   ਺͕ࣜొ৔
   w "EWFSTBSJBM
   8FJHIU
   1FSUVSCBUJPO 
 )FMQT
   3PCVTU
   (FOFSBMJ[BUJPO
    ࣮૷ղઆ
   ࣮૷͕ొ৔
   w ,BHHMFͰ༻͍ΒΕΔ࣮૷Λ࿦จͷ਺ࣜͱରԠͤͯ͞ղઆ

5. ੈքҰ༗໊ͳςφΨβϧ ఢରతࣄྫͷྫࣔ  Ian J. Goodfellow +, Explaining and Harnessing

   Adversarial Examples, 2014 ύϯμͷը૾ʹ ਓؒʹ͸Θ͔Βͳ͍ఔ౓ͷ 
 ઁಈ ϊΠζ ΛՃ͑Δͱ ςφΨβϧͱ
   ޡೝࣝ͢Δ

6. ఢରతࣄྫ΋ֶशʹՃ͑Δͱ൚Խੑೳ্͕͕Δ ఢରతࣄྫ͸ֶशΛؤ݈ʹ͢Δ  Ian J. Goodfellow +, Explaining and Harnessing

   Adversarial Examples, 2014 ྆ํΛ
   QBOEB
   ͱֶͯ͠शͤ͞ΔͱɺఢରతࣄྫҎ֎ʹର͢Δ 
 ൚Խੑೳ΋޲্͢Δ͜ͱ͕ܦݧతʹ஌ΒΕ͍ͯΔɻ
   
   111.ίϯϖͰ΋ۚϝμϧΛऔͬͨνʔϜͷ൒෼Ҏ্͸ 
 ఢରతࣄྫΛֶशʹՃ͍͑ͯͨɻ

7. αϯϓϧͷํͰ͸ͳ͘ϞσϧʹޡΒͤΔ͜ͱ΋Մೳ Ϟσϧʹ΋ઁಈΛՃ͑Δ  w v w + v  ͋ΔϞσϧͷॏΈʹ

   ͋ΔछͷઁಈΛ 
 Ճ͑Δͱ ѱ͍ϞσϧʹͳΔ ֶशதʹϞσϧ͕ѱ͘ͳ͍Α͏ʹઁಈΛՃֶ͑ͭͭश͢Δͱɺ
   ൚Խੑೳ্͕͕Δͱ͍͏࿦จΛ͜Ε͔Βղઆ
   
   χϡʔϥϧωοτΛલఏʹ͓࿩͠͠·͢

8. ໨࣍   ఢରతࣄྫͷ঺հ
   ͓࿩͚ͩ
   w "EWFSTBSJBM
   &YBNQMFʹؔ͢Δࣄલ஌ࣝΛಋೖ
    ࿦จղઆ
   

   ਺͕ࣜొ৔
   w "EWFSTBSJBM
   8FJHIU
   1FSUVSCBUJPO 
 )FMQT
   3PCVTU
   (FOFSBMJ[BUJPO
    ࣮૷ղઆ
   ࣮૷͕ొ৔
   w ,BHHMFͰ༻͍ΒΕΔ࣮૷Λ࿦จͷ਺ࣜͱରԠͤͯ͞ղઆ

9. ࿦จͷ֓ཁ  ఢରతࣄྫʹର͢Δؤ݈ੑ͕ߴ·ͬͨ ໨త ఢରతࣄྫʹର͢Δؤ݈ੑΛߴΊ͍ͨ طଘݚڀ ఢରతࣄྫΛ࡞ֶͬͯशʹՃ͑Δख๏͕ଟ͔ͬͨ ܦݧత 
 ࣄ࣮

   ٻ·ͬͨॏΈͷपล͕ΑΓฏΒͳଛࣦʹͳΔ৔߹ɺ
   ఢରతࣄྫʹର͢Δؤ݈ੑ͕ߴ͍ ख๏ ϞσϧʹఢରతͳઁಈΛՃ͑ͳ͕Βֶश͢Δ ݁Ռ ՝୊఺ ฏΒͳଛࣦͱͳΔΑ͏ͳ௚઀తͳఆࣜԽ͕ͳ͞Ε͍ͯͳ͍

10. ࿦จͷ֓ཁ  ໨త ఢରతࣄྫʹର͢Δؤ݈ੑΛߴΊ͍ͨ طଘݚڀ ఢରతࣄྫΛ࡞ֶͬͯशʹՃ͑Δख๏͕ଟ͔ͬͨ ఢରతࣄྫ΋ֶशʹՃ͑Δ͜ͱͰؤ݈ੑ͕޲্

11. ࿦จͷ֓ཁ  ఢରతࣄྫʹର͢Δؤ݈ੑ͕ߴ·ͬͨ ໨త ఢରతࣄྫʹର͢Δؤ݈ੑΛߴΊ͍ͨ طଘݚڀ ఢରతࣄྫΛ࡞ֶͬͯशʹՃ͑Δख๏͕ଟ͔ͬͨ ܦݧత 
 ࣄ࣮

    ٻ·ͬͨॏΈͷपล͕ΑΓฏΒͳଛࣦʹͳΔ৔߹ɺ
    ఢରతࣄྫʹର͢Δؤ݈ੑ͕ߴ͍ ख๏ ϞσϧʹఢରతͳઁಈΛՃ͑ͳ͕Βֶश͢Δ ݁Ռ ՝୊఺ ฏΒͳଛࣦͱͳΔΑ͏ͳ௚઀తͳఆࣜԽ͕ͳ͞Ε͍ͯͳ͍

12. ฏΒ͞ͷ֬ೝ  8FJHIU
    -PTT
    -BOETDBQF ρ(w) = 1 n n ∑ i=1

    max ∥x′  i −xi ∥p ≤ϵ ℓ(fw (x′  ), yi ) ఢରతࣄྫΛϞσϧʹೖྗͨ͠৔߹ͷଛࣦ͸ҎԼͷΑ͏ʹఆࣜԽՄೳ ఢରతࣄྫΛೖྗ͢Δͱ͍͏ҙຯ ρ(w + αd) = 1 n n ∑ i=1 max ∥x′  i −xi ∥p ≤ϵ ℓ(fw+αd (x′  ), yi ) ϞσϧͷॏΈͷपลͷଛࣦ͸ҎԼͷΑ͏ʹఆࣜԽՄೳ ύϥϝʔλʔXΛֶ࣋ͭशࡁΈϞσϧ ௕͞Ћ
    ํ޲E
    ͚ͩۙ๣ͷଛࣦ͕ܭࢉͰ͖Δ

13. ฏΒ͞ͷ֬ೝ  8FJHIU
    -PTT
    -BOETDBQF
    Λ
    
    ʹ͍ͭͯඳը͢ΔͱɺଛࣦͷฏΒ͞ΛՄࢹԽՄೳ Ed [ρ(w + αd)] α

    Ed [ρ(w + αd)] w ॏΈͷपลʹߦ͚͹ߦ͘΄Ͳଛࣦ͕େ͖͘ͳΔ
    w ख๏ʹΑͬͯฏΒ͞͸ҟͳΓͦ͏ طଘݚڀ

14. ΑΓฏΒͳଛࣦ͸ؤ݈ੑ͕ߴ͍  طଘݚڀͷ࣮ݧతൺֱ w ଛࣦ͕ฏΒͰͳ͍ख๏͸ɺֶशͱςετͷਫ਼౓ͷHBQ͕େ͖͍
    "5
    w ଛࣦ͕ฏΒʹͳΔख๏͸ɺֶशͱςετͷਫ਼౓ͷHBQ͕খ͍͞
    345

    
    "5&4
    w ϞσϧΛؤ݈ʹ͍ͨ͠
    
 ˠ
    ॏΈͷۙ๣ͷଛࣦ͕ฏΒͰ͋ΔΑ͏ͳֶशʹ͍ͨ͠ ֶश࣌ͱςετ࣌ͷੑೳͷΪϟοϓ ଛࣦͷฏΒ͞ طଘݚڀ

15. ࿦จͷ֓ཁ  ఢରతࣄྫʹର͢Δؤ݈ੑ͕ߴ·ͬͨ ໨త ఢରతࣄྫʹର͢Δؤ݈ੑΛߴΊ͍ͨ طଘݚڀ ఢରతࣄྫΛ࡞ֶͬͯशʹՃ͑Δख๏͕ଟ͔ͬͨ ܦݧత 


16. ໰୊ͷఆࣜԽ  ॏΈͷۙ๣ͷଛࣦ͕ฏΒͰ͋ΔΑ͏ͳֶशʹ͍ͨ͠ argmin w max v∈ 𝒱 ρ(w +

    v) ۙ๣ʹ͓͚Δଛࣦͷ࠷େ஋Λ ࠷খԽ͢ΔXΛݟ͚ͭΖ argmin w max v∈ 𝒱 1 n n ∑ i=1 max ∥x′  i −xi ∥p ≤ϵ ℓ(fw+v (x′  ), yi ) ЛΛల։ ্ه͕ղ͚Ε͹ɺఢରతࣄྫʹؤ݈ͳX͕ಘΒΕΔ͸ͣ

17. ໰୊ͷղ͖ํ  *OQVU
    1FSUVSCBUJPO argmin w max v∈ 𝒱 1 n

    n ∑ i=1 max ∥x′  i −xi ∥p ≤ϵ ℓ(fw+v (x′  ), yi ) ఢରతࣄྫΛೖྗ͢Δͱ͍͏ҙຯ ࠷ॳͷ࠷େԽ໰୊͸طଘݚڀͱಉ͘͡ɺఢରతࣄྫͷೖྗΛҙຯ͢Δ
    ࿦จͰ༻͍͍ͯͨ1(%
    BUUBDLͷ৔߹ԼهͷY`Λೖྗ͢Ε͹ྑ͍ x′  i ← Πϵ (x′  i + η1 sign(∇x′  i ℓ(fw+v (x′  i ), yi )) ˞࿦จʹ߹Θͤͨදهʹ͍ͯ͠Δɻ ͸૯৐ͷҙຯͰ͸ͳ͍ɻ 
 ɹཧղͷͨΊʹແࢹͯ͠΋ྑ͍ɻ Π

18. argmin w max v∈ 𝒱 1 n n ∑ i=1

    max ∥x′  i −xi ∥p ≤ϵ ℓ(fw+v (x′  ), yi ) ໰୊ͷղ͖ํ  8FJHIU
    1FSUVSCBUJPO ॏΈʹઁಈΛՃ͑ͯ࠷΋ϞσϧΛѱ͍ͨ͘͠ ͭ໨ͷ࠷େԽ໰୊͸Xۙ๣ͰϞσϧGΛ࠷΋ѱ͘͢Δ͜ͱΛҙਤ
    8VΒ͸ޯ഑Λ༻͍ͯҎԼͷΑ͏ʹWΛࢉग़ v ← Πγ v + η2 ∇v 1 m ∑m i=1 ℓ(fw+v (x′  i ), yi ) ∇v 1 m ∑m i=1 ℓ(fw+v (x′  i ), yi ) ∥w∥ ˞࿦จʹ߹Θͤͨදهʹ͍ͯ͠Δɻ ͸૯৐ͷҙຯͰ͸ͳ͍ɻ 
 ɹཧղͷͨΊʹແࢹͯ͠΋ྑ͍ɻ Π

19. ໰୊ͷղ͖ํ  8FJHIU
    1FSUVSCBUJPO v ← Πγ v + η2 ∇v

    1 m ∑m i=1 ℓ(fw+v (x′  i ), yi ) ∇v 1 m ∑m i=1 ℓ(fw+v (x′  i ), yi ) ∥w∥ ˞࿦จʹ߹Θͤͨදهʹ͍ͯ͠Δɻ ͸૯৐ͷҙຯͰ͸ͳ͍ɻ 
 ɹཧղͷͨΊʹແࢹͯ͠΋ྑ͍ɻ Π ࠷΋ଛࣦΛ࠷େԽ͢Δ୯ҐϕΫτϧ X΁ͷεέʔϧ߹Θͤ ֶश཰

20. ໰୊ͷղ͖ํ  ॏΈͷߋ৽ argmin w max v∈ 𝒱 1 n

    n ∑ i=1 max ∥x′  i −xi ∥p ≤ϵ ℓ(fw+v (x′  ), yi ) *OQVU
    1FSUVSCBUJPOͱ8FJHIU
    1FSUVSCBUJPOΛߦ্ͬͨͰɺ
    ௨ৗͷֶशͱಉ༷ʹόοΫϓϩοϓ͢Ε͹ྑ͍ ղܾ w ← w − η3 ∇w+v 1 m m ∑ i=1 ℓ(fw+v (x′  i ), yi ) *OQVU
    1FSUVSCBUJPOͱ8FJHIU
    1FSUVSCBUJPOΛ 
 ߦͬͨͱ͖ͷXͷޯ഑

21. ໰୊ͷఆࣜԽ  ॏΈͷۙ๣ͷଛࣦ͕ฏΒͰ͋ΔΑ͏ͳֶशʹ͍ͨ͠ argmin w max v∈ 𝒱 ρ(w +

    v) ۙ๣ʹ͓͚Δଛࣦͷ࠷େ஋Λ ࠷খԽ͢ΔXΛݟ͚ͭΖ ۩ମతʹ͸ w ← w − η3 ∇w+v 1 m m ∑ i=1 ℓ(fw+v (x′  i ), yi ) Ͱύϥϝʔλʔߋ৽Λߦ͑͹͍͍

22. ࣮ݧ݁Ռ  ˠͨ͠ɻશউɻ 
 ɹԼهͷදͷ"5"81͕ఏҊख๏ɻ਺ࣈ͕େ͖͍΄Ͳੑೳ͕ྑ͍ɻ 8FJHIU
    1FSUVSCBUJPOʹΑͬͯੑೳ޲্͢Δ͔ʁ "5
    ʜ
    *OQVU
    1FSUVSCBUJPOͷΈ
    طଘݚڀͷϕʔεϥΠϯ
    "5"81
    ʜ
    *OQVU
    1FSUVSCBUJPO
    
    8FJHIU
    1FSUVSCBUJPO

23. ࣮ݧ݁Ռ  طଘݚڀ΁ͷ૊ΈࠐΈ
    $*'"3Λ༻͍࣮ͨݧ طଘݚڀͰ͸*OQVU
    1FSUVSCBUJPOͱଛࣦؔ਺Λॻ͖׵͑Δख๏͕ଟ͍
    8FJHIU
    1FSUVSCBUJPO͸طଘݚڀʹ΋૊ΈࠐΊΔ ֤ྻ͸߈ܸखஈ
    ֤ߦ͸ख๏໊
    "81ͱ͍͍ͭͯΔ΋ͷ͕ఏҊख๏Λ૊ΈೖΕͨ৔߹ͷ݁Ռ

24. ิ଍ࣄ߲  ,BHHMFͰ͸༻͍ΒΕΔ"81ͷ࣮૷͸ɺ
    *OQVU
    1FSUVSCBUJPOΛߦΘͣ ఢରతࣄྫ͸࡞Βͣ ʹɺ
    8FJHIU
    1FSUVSCBUJPO͚ͩߦ͏ͷ͕ओྲྀɻ
    Ҏ߱ɺ,BHHMFͰ༻͍ΒΕΔ࣮૷Λલఏʹղઆ͠·͢ɻ ࿦จͰ͸ఢରతࣄྫʹର͢Δؤ݈ੑʹ஫໨͍͕ͯͨ͠ɺ
    ܦݧతʹະ஌ͷσʔλʹର͢Δ൚Խೳྗ΋޲্͢Δɻ

25. ໨࣍   ఢରతࣄྫͷ঺հ
    ͓࿩͚ͩ
    w "EWFSTBSJBM
    &YBNQMFʹؔ͢Δࣄલ஌ࣝΛಋೖ
     ࿦จղઆ
    

    ਺͕ࣜొ৔
    w "EWFSTBSJBM
    8FJHIU
    1FSUVSCBUJPO 
 )FMQT
    3PCVTU
    (FOFSBMJ[BUJPO
     ࣮૷ղઆ
    ࣮૷͕ొ৔
    w ,BHHMFͰ༻͍ΒΕΔ࣮૷Λ࿦จͷ਺ࣜͱରԠͤͯ͞ղઆ ࿦จΦϦδφϧͰ͸ͳ͘ΧϨʔͪΌΜɺ ⊙✱⊙ ͞ΜͳͲ࣮૷͔Β೿ੜ͍ͯ͠·͢

26. ҰൠతͳֶशMPPQͷྫ  "81࣮૷ͷલ४උ

27. "81ΛؚΜֶͩशMPPQͷྫ  "81࣮૷ͷ֓ཁ ͜ͷߦΛMPPQதʹૠೖ͢Ε͹ྑ͍ "81Ϋϥεͷఆٛ͸ͪ͜Β

28. "81ΛؚΜֶͩशMPPQͷྫ  "81࣮૷ͷ֓ཁͱ਺ࣜͷରԠ ߋ৽ଇͷޯ഑෦෼ΛٻΊ͍ͯΔ ∇w+v 1 m m ∑ i=1

    ℓ(fw+v (xi ), yi )

29. "81ΛؚΜֶͩशMPPQͷྫ  "81࣮૷ͷ֓ཁͱ਺ࣜͷରԠ 8Λ࣮ࡍʹߋ৽͢Δ෦෼ w ← w − η3 ∇w+v

    1 m m ∑ i=1 ℓ( fw+v (xi ), yi )

30. "81ͷ࣮૷  ͍ͭ͜Β͸ԿΛ΍͍ͬͯΔͷ͔ʁ

31. "81ͷ࣮૷  BUUBDL@CBDLXBSEͰ͸ԿΛ΍͍ͬͯΔͷ͔ʁ Ϟσϧ
    
    Λอଘ fw
    
    ʹվม fw+v ௚ޙʹCBDLXBSE͍ͯ͠Δͱ͍͏͜ͱ͸

    ∇w+v 1 m m ∑ i=1 ℓ( fw+v (xi ), yi ) 1 m m ∑ i=1 ℓ( fw+v (xi ), yi ) ΛಘΔ͜ͱʹͳΔ ˠ
    ॏΈXۙ๣Ͱ ४ ࠷ѱͷଛࣦΛܭࢉ͍ͯ͠Δ

32. "81ͷ࣮૷  @BUUBDL@TUFQͰ͸ԿΛ΍͍ͬͯΔͷ͔ʁ ˠ
    
    ʹվม͍ͯ͠Δ fw+v v ← η2 ∇v

    1 m ∑m i=1 ℓ( fw+v (x′  i ), yi ) ∇v 1 m ∑m i=1 ℓ( fw+v (x′  i ), yi ) ∥w∥

33. "81ͷ࣮૷  @BUUBDL@TUFQͰ͸ԿΛ΍͍ͬͯΔͷ͔ʁ ˠ
    
    ʹվม͍ͯ͠Δ fw+v
    fw+v

34. "81ͷ࣮૷  @SFTUPSFͷҙຯ Xۙ๣Ͱѱ͍ଛࣦΛܭࢉ ͦͷͱ͖ʹϞσϧΛ
    
    ʹॻ͖׵͑ͯ͠·ͬͨʂ fw+v
    
    ʹ໭͢ඞཁ͕͋Δ fw

35. "81ͷ࣮ફతͳ࢖༻ํ๏  ࣮ફͰ͸Ϟσϧ͕͋Δఔ౓ֶश͔ͯ͠Βಋೖ͢Δ ֶश࣌ؒ΋ϝϞϦ࢖༻ྔ΋ഒఔ౓ͱ͔ͳΓॏ͍

36. "81ͷಋೖྫ  111.ίϯϖʹ͓͚ΔTDPSFͷਪҠΛՄࢹԽ "81ʹΑΔఢରֶशͷ։࢝ ߴ͍΄Ͳྑ͍ ίϯϖͰ͸ ΄Ͳͷ
    ਫ਼౓޲্ʹد༩ͨ͠

37. "EWFSTBSJBM
    8FJHIU
    1FSUVSCBUJPO
    )FMQT
    3PCVTU
    (FOFSBMJ[BUJPO ·ͱΊ
    ࿦จΛղઆ͠·ͨ͠  ఢରతࣄྫʹର͢Δؤ݈ੑ͕ߴ·ͬͨ ໨త ఢରతࣄྫʹର͢Δؤ݈ੑΛߴΊ͍ͨ طଘݚڀ ఢରతࣄྫΛ࡞ֶͬͯशʹՃ͑Δख๏͕ଟ͔ͬͨ ܦݧత 


    ࣄ࣮ ٻ·ͬͨॏΈͷपล͕ΑΓฏΒͳଛࣦʹͳΔ৔߹ɺ
    ఢରతࣄྫʹର͢Δؤ݈ੑ͕ߴ͍ ख๏ ϞσϧʹఢରతͳઁಈΛՃ͑ͳ͕Βֶश͢Δ ݁Ռ ՝୊఺ ฏΒͳଛࣦͱͳΔΑ͏ͳ௚઀తͳఆࣜԽ͕ͳ͞Ε͍ͯͳ͍

38. -PPQͷதʹߦ௥Ճ͢Δ͚ͩͰ࣮૷Մೳ ·ͱΊ
    ࣮૷Λղઆ͠·ͨ͠  ͜ͷߦΛMPPQதʹૠೖ͢Ε͹ྑ͍ "81Ϋϥεͷఆٛ͸ͪ͜Β