Title: OTAD: An Optimal Transport Induced Robust Model for Agnostic Adversarial Attack
Speaker: Kuo Gai (盖阔)
Affiliation: Peking University
Time: August 19, 2024, 11:00
Tencent ID: 598 617 222
Abstract: Deep neural networks are vulnerable to small adversarial perturbations of the inputs, posing a significant challenge to their reliability and robustness. Empirical methods such as adversarial training can defend against particular attacks but remain vulnerable to more powerful attacks. Alternatively, Lipschitz networks provide certified robustness to unseen perturbations but lack sufficient expressive power. To harness the advantages of both approaches, we design a novel two-step Optimal Transport induced Adversarial Defense (OTAD) model that can fit the training data accurately while preserving the local Lipschitz continuity. First, we train a deep neural network (DNN) with a regularizer derived from optimal transport theory, yielding a discrete optimal transport map linking data to its features. By leveraging the map's inherent regularity, we interpolate the map by solving the convex integration problem (CIP) to guarantee the local Lipschitz property. OTAD is extensible to diverse architectures of ResNet and Transformer, making it suitable for complex data. For efficient computation, the CIP can be solved through training neural networks. OTAD opens a novel avenue for developing reliable and secure deep learning systems through the regularity of the optimal transport map. Empirical results demonstrate that OTAD can outperform other robust models on diverse datasets.
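Bio: Kuo Gai is a postdoctoral researcher at the School of Mathematical Sciences, Peking University, with a bachelor's degree from the School of Mathematical Sciences, Fudan University, and a Ph.D. from the Academy of Mathematics and Systems Science, Chinese Academy of Sciences. Research interests: the foundational theory of deep learning and algorithm design. Publications have appeared in journals and conferences including IEEE TPAMI, ICLR, PR, and NAR.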