Summary of Otad: An Optimal Transport-induced Robust Model For Agnostic Adversarial Attack, by Kuo Gai et al.
OTAD: An Optimal Transport-Induced Robust Model for Agnostic Adversarial Attack
by Kuo Gai, Sicong Wang, Shihua Zhang
First submitted to arxiv on: 1 Aug 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Artificial Intelligence (cs.AI); Optimization and Control (math.OC); Machine Learning (stat.ML)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary The proposed OTAD model combines the advantages of adversarial training and Lipschitz networks to achieve certified robustness against unseen perturbations while accurately fitting training data. The novel approach consists of two steps: first, a deep neural network (DNN) is trained with a regularizer derived from optimal transport theory, yielding a discrete optimal transport map linking data to its features. Then, the map’s inherent regularity is leveraged by solving the convex integration problem (CIP) to guarantee local Lipschitz continuity. The OTAD model can be extended to various architectures of ResNet and Transformer, making it suitable for complex data. Empirical results show that OTAD outperforms other robust models on diverse datasets. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary A new way is found to make deep learning systems more reliable and secure. This is called OTAD (Optimal Transport induced Adversarial Defense). It works by combining two previous methods: one that helps defend against attacks, and another that makes sure the system is strong against unexpected changes. The first step trains a special kind of map that connects data to its features. Then, this map is used to make the system more regular and predictable, like a math problem that has a clear answer. This new approach can be used with different types of systems and works well on many kinds of data. |
Keywords
» Artificial intelligence » Deep learning » Neural network » Resnet » Transformer
