Achieving robustness in classification using optimal transport with
hinge regularization
- URL: http://arxiv.org/abs/2006.06520v3
- Date: Mon, 26 Apr 2021 14:30:55 GMT
- Title: Achieving robustness in classification using optimal transport with
hinge regularization
- Authors: Mathieu Serrurier, Franck Mamalet, Alberto González-Sanz, Thibaut
Boissin, Jean-Michel Loubes, Eustasio del Barrio
- Abstract summary: We propose a new framework for binary classification, based on optimal transport.
We learn 1-Lipschitz networks using a new loss that is a hinge-regularized version of the Kantorovich-Rubinstein dual formulation for Wasserstein distance estimation.
- Score: 7.780418853571034
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Adversarial examples have pointed out the vulnerability of Deep Neural
Networks to small local noise. It has been shown that constraining their Lipschitz
constant should enhance robustness, but makes them harder to learn with classical loss
functions. We propose a new framework for binary classification, based on
optimal transport, which integrates this Lipschitz constraint as a theoretical
requirement. We propose to learn 1-Lipschitz networks using a new loss that is
a hinge-regularized version of the Kantorovich-Rubinstein dual formulation for
Wasserstein distance estimation. This loss function has a direct
interpretation in terms of adversarial robustness, together with a certifiable
robustness bound. We also prove that this hinge-regularized version is still
the dual formulation of an optimal transportation problem, and has a solution.
We also establish several geometrical properties of this optimal solution, and
extend the approach to multi-class problems. Experiments show that the proposed
approach provides the expected guarantees in terms of robustness without any
significant accuracy drop. On the proposed models, adversarial examples visibly and
meaningfully change the input, providing an explanation for the classification.
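The hinge-regularized Kantorovich-Rubinstein (hKR) loss described in the abstract can be illustrated with a short sketch. The following is a minimal PyTorch rendering of the idea under stated assumptions, not the authors' implementation: labels are taken in {-1, +1}, `scores` are the scalar outputs of a 1-Lipschitz network, and `alpha` (hinge weight) and `margin` are illustrative hyperparameters.

```python
# Minimal sketch of a hinge-regularized Kantorovich-Rubinstein (hKR) loss for
# binary classification, following the idea described in the abstract above.
# Assumptions (not taken from the paper's code): y contains labels in {-1, +1},
# scores are the real-valued outputs f(x) of a 1-Lipschitz network, and each
# batch contains examples of both classes.
import torch

def hkr_loss(scores: torch.Tensor, y: torch.Tensor,
             alpha: float = 10.0, margin: float = 1.0) -> torch.Tensor:
    # Empirical Kantorovich-Rubinstein term: E_{P+}[f(x)] - E_{P-}[f(x)],
    # i.e. the dual objective whose supremum over 1-Lipschitz f is the
    # Wasserstein-1 distance between the two class distributions.
    kr = scores[y > 0].mean() - scores[y < 0].mean()
    # Hinge term penalizing points whose signed score falls below the margin.
    hinge = torch.relu(margin - y * scores).mean()
    # Minimizing this maximizes the KR term while enforcing the margin.
    return alpha * hinge - kr
```

Minimizing this combined objective keeps the Wasserstein-dual signal (which on its own ignores individual misclassifications) while the hinge term pushes every point to the correct side of the decision boundary by at least the margin.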
Related papers
- Tight Certified Robustness via Min-Max Representations of ReLU Neural
Networks [9.771011198361865]
The reliable deployment of neural networks in control systems requires rigorous robustness guarantees.
In this paper, we obtain tight robustness certificates over convex representations of ReLU neural networks.
arXiv Detail & Related papers (2023-10-07T21:07:45Z)
- The Lipschitz-Variance-Margin Tradeoff for Enhanced Randomized Smoothing [85.85160896547698]
Real-life applications of deep neural networks are hindered by their unsteady predictions when faced with noisy inputs and adversarial attacks.
We show how to design an efficient classifier with a certified radius by relying on noise injection into the inputs.
Our novel certification procedure allows us to use pre-trained models with randomized smoothing, effectively improving the current certification radius in a zero-shot manner.
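For context, the randomized-smoothing mechanism that this and the later consistency-regularization entry build on can be sketched generically. This follows the standard Cohen et al. (2019)-style procedure with illustrative names (`base_model`, `sigma`, `n_samples`); it is not the specific Lipschitz-variance-margin certification of the paper above.

```python
# Generic randomized smoothing: classify many Gaussian-noised copies of an
# input, take the majority class, and derive an l2 certified radius from the
# top-class frequency. Plug-in estimate only; a rigorous certificate would use
# a lower confidence bound on p_top rather than the empirical frequency.
import torch
from scipy.stats import norm

@torch.no_grad()
def smoothed_predict(base_model, x, sigma=0.25, n_samples=1000, num_classes=10):
    """x: a single input tensor without batch dimension."""
    counts = torch.zeros(num_classes)
    for _ in range(n_samples):  # looped for clarity; batching would be faster
        noisy = x + sigma * torch.randn_like(x)
        logits = base_model(noisy.unsqueeze(0))
        counts[logits.argmax(dim=-1).item()] += 1
    top_class = int(counts.argmax())
    p_top = float(counts[top_class]) / n_samples
    radius = sigma * norm.ppf(p_top) if p_top > 0.5 else 0.0
    return top_class, radius
```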
arXiv Detail & Related papers (2023-09-28T22:41:47Z)
- Lipschitz Continuity Retained Binary Neural Network [52.17734681659175]
We introduce Lipschitz continuity as a rigorous criterion for defining model robustness for BNNs.
We then propose to retain Lipschitz continuity as a regularization term to improve model robustness.
Our experiments show that our BNN-specific regularization method can effectively strengthen the robustness of BNNs.
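As a generic illustration of turning a Lipschitz bound into a regularization term (a common recipe, not the BNN-specific scheme of the paper above), one can penalize the spectral norms of the weight matrices, whose product upper-bounds the Lipschitz constant of a feed-forward network:

```python
# Hedged sketch: sum of log spectral norms of the Linear layers, i.e. the log
# of a layer-wise upper bound on the network's Lipschitz constant. Added to
# the task loss with a user-chosen weight, it discourages large Lipschitz bounds.
import torch
import torch.nn as nn

def lipschitz_penalty(model: nn.Module) -> torch.Tensor:
    penalty = torch.zeros(())
    for module in model.modules():
        if isinstance(module, nn.Linear):
            # Largest singular value of the weight matrix (differentiable).
            penalty = penalty + torch.linalg.matrix_norm(module.weight, ord=2).log()
    return penalty

# Usage: total_loss = task_loss + reg_weight * lipschitz_penalty(model)
```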
arXiv Detail & Related papers (2022-07-13T22:55:04Z)
- Sparsest Univariate Learning Models Under Lipschitz Constraint [31.28451181040038]
We propose continuous-domain formulations for one-dimensional regression problems.
We control the Lipschitz constant explicitly using a user-defined upper-bound.
We show that both problems admit global minimizers that are continuous and piecewise-linear.
arXiv Detail & Related papers (2021-12-27T07:03:43Z)
- Robust Implicit Networks via Non-Euclidean Contractions [63.91638306025768]
Implicit neural networks show improved accuracy and a significant reduction in memory consumption.
They can suffer from ill-posedness and convergence instability.
This paper provides a new framework to design well-posed and robust implicit neural networks.
arXiv Detail & Related papers (2021-06-06T18:05:02Z)
- Online and Distribution-Free Robustness: Regression and Contextual Bandits with Huber Contamination [29.85468294601847]
We revisit two classic high-dimensional online learning problems, namely linear regression and contextual bandits.
We show that our algorithms succeed where conventional methods fail.
arXiv Detail & Related papers (2020-10-08T17:59:05Z)
- Lipschitz Bounded Equilibrium Networks [3.2872586139884623]
This paper introduces new parameterizations of equilibrium neural networks, i.e. networks defined by implicit equations.
The new parameterization admits a Lipschitz bound during training via unconstrained optimization.
In image classification experiments we show that the Lipschitz bounds are very accurate and improve robustness to adversarial attacks.
arXiv Detail & Related papers (2020-10-05T01:00:40Z)
- Provable tradeoffs in adversarially robust classification [96.48180210364893]
We develop and leverage new tools, including recent breakthroughs from probability theory on robust isoperimetry.
Our results reveal fundamental tradeoffs between standard and robust accuracy that grow when data is imbalanced.
arXiv Detail & Related papers (2020-06-09T09:58:19Z)
- Consistency Regularization for Certified Robustness of Smoothed Classifiers [89.72878906950208]
A recent technique, randomized smoothing, has shown that worst-case $\ell_2$-robustness can be transformed into average-case robustness.
We found that the trade-off between accuracy and certified robustness of smoothed classifiers can be greatly controlled by simply regularizing the prediction consistency over noise.
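A minimal sketch of such a consistency regularizer over Gaussian noise is given below, with illustrative names (`model`, `sigma`, `n_copies`) and no claim to match the paper's exact objective: predictions on several noisy copies of each input are pulled toward their average.

```python
# Hedged sketch of consistency regularization for smoothed classifiers:
# KL-divergence between the average prediction over noisy copies and each
# individual noisy prediction, averaged over copies and over the batch.
import torch
import torch.nn.functional as F

def consistency_loss(model, x, sigma=0.25, n_copies=2):
    log_probs = []
    for _ in range(n_copies):
        noisy = x + sigma * torch.randn_like(x)
        log_probs.append(F.log_softmax(model(noisy), dim=-1))
    log_probs = torch.stack(log_probs)        # (n_copies, batch, classes)
    mean_probs = log_probs.exp().mean(dim=0)  # average noisy prediction
    kl = sum(F.kl_div(lp, mean_probs, reduction='batchmean') for lp in log_probs)
    return kl / n_copies
```

This term is typically added to the usual classification loss on the noisy inputs, so that the base classifier becomes stable under the smoothing noise.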
arXiv Detail & Related papers (2020-06-07T06:57:43Z)
- Lipschitz Bounds and Provably Robust Training by Laplacian Smoothing [7.4769019455423855]
We formulate the adversarially robust learning problem as one of loss minimization with a Lipschitz constraint.
We show that the saddle point of the associated Lagrangian is characterized by a Poisson equation with weighted Laplace operator.
We design a provably robust training scheme using graph-based discretization of the input space and a primal-dual algorithm to converge to the Lagrangian's saddle point.
arXiv Detail & Related papers (2020-06-05T22:02:21Z)
- Being Bayesian, Even Just a Bit, Fixes Overconfidence in ReLU Networks [65.24701908364383]
We show that a sufficient condition for calibrated uncertainty on a ReLU network is "to be a bit Bayesian".
We further validate these findings empirically via various standard experiments using common deep ReLU networks and Laplace approximations.
arXiv Detail & Related papers (2020-02-24T08:52:06Z)
This list is automatically generated from the titles and abstracts of the papers in this site.