Backdoor attack introduces artificial vulnerabilities into the model by poisoning a subset of the training data via injecting triggers and modifying labels. Various trigger design strategies have been explored to attack text classifiers, however, …
The average of contextualized representations shares almost the same direction as the first principal component of the matrix whose columns are these representations. We believe this explains why the average representation is always a simple yet strong baseline.
We propose APART, an adaptive adversarial training framework, which parameterizes perturbation generation and progressively strengthens them.
We motivate from Neural-ODE perspective and design an adaptive training algorithm for ResNet, which can save ~50% training time.