MA‐CAT: Misclassification‐Aware Contrastive Adversarial Training

Abstract

Vulnerability to adversarial examples poses a significant challenge to the secure application of deep neural networks. Adversarial training and its variants have shown great potential in addressing this problem. However, such approaches, which directly optimize the decision boundary, often result in overly complex adversarial decision boundaries that are detrimental to generalization. To deal with this issue, a novel plug‐and‐play method known as Misclassification‐Aware Contrastive Adversarial Training (MA‐CAT) from the perspective of data distribution optimization is proposed. MA‐CAT leverages supervised decoupled contrastive learning to cluster nature examples within the same class in the logit space, indirectly increasing the margins of examples. Moreover, by taking into account the varying difficulty levels of adversarial training for different examples, MA‐CAT adaptively customizes the strength of adversarial training for each example using an instance‐wise misclassification‐aware adaptive temperature coefficient. Extensive experiments on the CIFAR‐10, CIFAR‐100, and SVHN datasets demonstrate that MA‐CAT can be easily integrated into existing models and significantly improves robustness with minimal computational cost.