Optimal Transport Model Distributional Robustness

TL;DR

This paper introduces an optimal transport-based distributional robustness framework in model space, enabling robust training of deep learning models against adversarial attacks and distribution shifts, with theoretical insights and practical improvements.

Contribution

It develops a novel optimal transport approach in model space, incorporating sharpness awareness and unifying SAM within a probabilistic framework, with extensive empirical validation.

Findings

Framework improves robustness over baselines

Incorporates sharpness awareness into model training

Unifies SAM as a special case of the proposed method

Abstract

Distributional robustness is a promising framework for training deep learning models that are less vulnerable to adversarial examples and data distribution shifts. Previous works have mainly focused on exploiting distributional robustness in the data space. In this work, we explore an optimal transport-based distributional robustness framework in model spaces. Specifically, we examine a model distribution within a Wasserstein ball centered on a given model distribution that maximizes the loss. We have developed theories that enable us to learn the optimal robust center model distribution. Interestingly, our developed theories allow us to flexibly incorporate the concept of sharpness awareness into training, whether it's a single model, ensemble models, or Bayesian Neural Networks, by considering specific forms of the center model distribution. These forms include a Dirac delta distribution over a single model, a uniform distribution over several models, and a general Bayesian Neural Network. Furthermore, we demonstrate that Sharpness-Aware Minimization (SAM) is a specific case of our framework when using a Dirac delta distribution over a single model, while our framework can be seen as a probabilistic extension of SAM. To validate the effectiveness of our framework in the aforementioned settings, we conducted extensive experiments, and the results reveal remarkable improvements compared to the baselines.