Enhancing Adversarial Robustness for Deep Metric Learning via Attention-Aware Knowledge Guidance

Due to the security concerns arising from adversarial vulnerability, it is essential to enhance the adversarial robustness of deep metric learning models. Existing defense methods employ adversarial triplets to improve adversarial robustness but sacrifice benign performance. In this paper, we propose a novel framework for deep metric learning by introducing the concept of "Attention-Aware Knowledge Guidance", dubbed AAKG, which not only enhances adversarial robustness but also improves benign performance. Specifically, we develop a search algorithm to identify particularly weak robustness subnets and explicitly strengthen them through an adversarial attention-aware knowledge guidance. Additionally, we employ a pre-trained and fixed teacher model to improve benign performance through a benign attention-aware knowledge guidance. To demonstrate the flexibility of our approach, we combine AAKG with popular adversarial robustness methods. Experiment evaluations on three benchmark databases demonstrate that our proposed attention-aware knowledge guidance for deep metric learning significantly outperforms state-of-the-art defenses in terms of both adversarial robustness and benign performance.