CCS2024
Alchemy: Data-Free Adversarial Training
Yijie Bai, Zhongming Ma, Yanjiao Chen, Jiangyi Deng, Shengyuan Pang, Yan Liu, Wenyuan Xu
Abstract
Machine learning models have become integral to many aspects of daily life, which increases their exposure to adversarial attacks. Adversarial training is one of the most promising and practical methods for enhancing model robustness. Existing adversarial training methods, however, assume access to the original training data. Nowadays, more and more users directly download models from open-source model platforms or technology companies, while the original training datasets are usually unreleased for commercial or privacy reasons. In such scenarios, the user cannot apply existing adversarial training methods to improve model robustness because the original training data is unavailable. We therefore present the first exploration of a data-free adversarial training framework, Alchemy, which seeks to enhance model robustness without requiring access to the original training data. By addressing the notable challenges of reconstructing high-quality training data with robust features and improving adversarial robustness with respect to the inaccessible original dataset, our approach achieves both accuracy maintenance and robustness improvement. Comprehensive experiments on four datasets against five baselines demonstrate Alchemy's high effectiveness. With no access to any training dataset, the average robustness improvement achieved by Alchemy is effective in most attack scenarios. Additional evaluations underscore the framework's stability under different settings and point to future research directions.