Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
41 tokens/sec
GPT-4o
59 tokens/sec
Gemini 2.5 Pro Pro
41 tokens/sec
o3 Pro
7 tokens/sec
GPT-4.1 Pro
50 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Adapters Mixup: Mixing Parameter-Efficient Adapters to Enhance the Adversarial Robustness of Fine-tuned Pre-trained Text Classifiers (2401.10111v2)

Published 18 Jan 2024 in cs.CL

Abstract: Existing works show that augmenting the training data of pre-trained LLMs (PLMs) for classification tasks fine-tuned via parameter-efficient fine-tuning methods (PEFT) using both clean and adversarial examples can enhance their robustness under adversarial attacks. However, this adversarial training paradigm often leads to performance degradation on clean inputs and requires frequent re-training on the entire data to account for new, unknown attacks. To overcome these challenges while still harnessing the benefits of adversarial training and the efficiency of PEFT, this work proposes a novel approach, called AdpMixup, that combines two paradigms: (1) fine-tuning through adapters and (2) adversarial augmentation via mixup to dynamically leverage existing knowledge from a set of pre-known attacks for robust inference. Intuitively, AdpMixup fine-tunes PLMs with multiple adapters with both clean and pre-known adversarial examples and intelligently mixes them up in different ratios during prediction. Our experiments show AdpMixup achieves the best trade-off between training efficiency and robustness under both pre-known and unknown attacks, compared to existing baselines on five downstream tasks across six varied black-box attacks and 2 PLMs. All source code will be available.

PDF HTML Abstract
Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Bookmark Chat Bubble Oval Streamline Icon: https://streamlinehq.com Chat (Pro)
Definition Search Book Streamline Icon: https://streamlinehq.com
References (24)
  1. Explaining and harnessing adversarial examples. ICLR.
  2. Parameter-efficient transfer learning for nlp. In ICML, pages 2790–2799. PMLR.
  3. Lora: Low-rank adaptation of large language models. In ICLR.
  4. Averaging Weights Leads to Wider Optima and Better Generalization. Uncertainty in Artificial Intelligence.
  5. Is BERT really robust? A strong baseline for natural language attack on text classification and entailment. In Proceedings of AAAI 2020.
  6. RoBERTa: A Robustly Optimized BERT Pretraining approach. arXiv.
  7. Virtual adversarial training: a regularization method for supervised and semi-supervised learning. IEEE transactions on pattern analysis and machine intelligence.
  8. What is being transferred in transfer learning? NeurIPS.
  9. Adapterfusion: Non-destructive task composition for transfer learning. arXiv preprint arXiv:2005.00247.
  10. Generating Natural Language Adversarial Examples through Probability Weighted Word Saliency. In Proceedings of ACL 2019.
  11. Better robustness by more coverage: Adversarial and mixup data augmentation for robust finetuning. In Findings of the Association for Computational Linguistics: ACL-IJCNLP.
  12. It’s morphin’ time! Combating linguistic discrimination with inflectional perturbations. In Proceedings of ACL 2020.
  13. InfoBERT: Improving Robustness of Language Models from An Information Theoretic Perspective. In Proceedings of ICLR 2021.
  14. CAT-gen: Improving robustness in NLP models via controlled adversarial text generation. In Proceedings of EMNLP 2020.
  15. Model soups: averaging weights of multiple fine-tuned models improves accuracy without increasing inference time. In ICML. PMLR.
  16. Adversarial Examples Improve Image Recognition. arXiv preprint arXiv:1911.09665.
  17. To be robust or to be fair: Towards fairness in adversarial training. In International conference on machine learning, pages 11492–11501. PMLR.
  18. Ties-merging: Resolving interference when merging models. In Thirty-seventh Conference on Neural Information Processing Systems.
  19. On the Robustness of Language Encoders against Grammatical Errors. In Proceedings of ACL 2020.
  20. Language models are super mario: Absorbing abilities from homologous models as a free lunch. arXiv preprint arXiv:2311.03099.
  21. mixup: Beyond empirical risk minimization. ICLR.
  22. mixup: Beyond empirical risk minimization. In Processings of ICLR 2018.
  23. Freelb: Enhanced adversarial training for natural language understanding. ICLR.
  24. A Reinforced Generation of Adversarial Samples for Neural Machine Translation. In Proceedings of ACL 2020.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (2)
  1. Tuc Nguyen (4 papers)
  2. Thai Le (38 papers)
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets