NeurIPS 2019
Sun Dec 8th through Sat the 14th, 2019 at Vancouver Convention Center
Paper ID:253
Title:Metric Learning for Adversarial Robustness

The paper presents a smart heuristic approach based on triplet loss to address adversarial attacks. The triplet loss considers, besides the current example, a nearest-neighbor (according to the latent representation) from another class as negative example, and another example of the same class as positive example. While the idea is intuitive, and nicely explained in the paper, the careful experimental validation shows it is empirically efficient on two datasets with respect to a number of attacks. The computational cost (finding the nearest negative) is mitigated by restricting the search to the current mini-batch. Please analyze the sensitivity and speed of convergence w.r.t. the minibatch size in the camera-ready.