Beckman Defense

TL;DR

This paper introduces the Beckman barycenter, a computationally efficient OT barycenter variant, to enhance adversarial robustness in deep learning models through a novel training method that requires only a single epoch.

Contribution

The paper proposes the Beckman barycenter, a new OT barycenter formulation that is computationally efficient and effective for training adversarially robust neural networks.

Findings

Significant robustness improvements on CIFAR-10, CIFAR-100, and Tiny ImageNet.

Maximum boost of 10 ext{ in CIFAR-10 under auto attack.

Efficient training requiring only a single epoch.

Abstract

Optimal transport (OT) based distributional robust optimisation (DRO) has received some traction in the recent past. However, it is at a nascent stage but has a sound potential in robustifying the deep learning models. Interestingly, OT barycenters demonstrate a good robustness against adversarial attacks. Owing to the computationally expensive nature of OT barycenters, they have not been investigated under DRO framework. In this work, we propose a new barycenter, namely Beckman barycenter, which can be computed efficiently and used for training the network to defend against adversarial attacks in conjunction with adversarial training. We propose a novel formulation of Beckman barycenter and analytically obtain the barycenter using the marginals of the input image. We show that the Beckman barycenter can be used to train adversarially trained networks to improve the robustness. Our training is extremely efficient as it requires only a single epoch of training. Elaborate experiments on CIFAR-10, CIFAR-100 and Tiny ImageNet demonstrate that training an adversarially robust network with Beckman barycenter can significantly increase the performance. Under auto attack, we get a a maximum boost of 10\% in CIFAR-10, 8.34\% in CIFAR-100 and 11.51\% in Tiny ImageNet. Our code is available at https://github.com/Visual-Conception-Group/test-barycentric-defense.