Cost-free adversarial defense: Distance-based optimization for model robustness without adversarial training

Although convolutional neural networks (CNNs) have advanced to demonstrate superior performance in image classification tasks that often surpass human capability, the feature space of CNNs, which are trained using a typical training method, is limited by the smaller-than-expected inter-class variances. Consequently, CNNs are prone to misclassifying adversarial examples with high confidence, and the difference between an adversarial example and a normal input is indistinguishable by human beings. To alleviate this problem, we propose a training methodology that defends against adversarial attacks through a constraint that applies a class-specific differentiation to the feature space of CNNs. The proposed methodology first forces the feature representations that corresponding to each class to be localized on the hypersphere surface with a particular radius. The forced representation is then trained to be located as close to the center of the hypersphere as possible, resulting in feature representations with a small intra-class variance and large inter-class variances. The experimental results reveal that the proposed two-step training method enhances defense performance by 17.1%p and demonstrates a training speed of up to 30 times faster than the existing distance-based adversarial defense methodology. The code is available at: https://github.com/lepoeme20/cost-free-adversarial-defense