Sharpness-Aware Geometric Defense for Robust Out-Of-Distribution Detection
- URL: http://arxiv.org/abs/2508.17174v1
- Date: Sun, 24 Aug 2025 01:03:40 GMT
- Title: Sharpness-Aware Geometric Defense for Robust Out-Of-Distribution Detection
- Authors: Jeng-Lin Li, Ming-Ching Chang, Wei-Chao Chen
- Abstract summary: We develop a robust OOD detection method that distinguishes adversarial ID samples from OOD ones. We introduce a Sharpness-aware Geometric Defense (SaGD) framework to smooth out the rugged adversarial loss landscape in the projected latent geometry. Our framework significantly improves FPR and AUC over the state-of-the-art defense approaches.
- Score: 20.09444331826756
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Out-of-distribution (OOD) detection ensures safe and reliable model deployment. Contemporary OOD algorithms using geometry projection can detect OOD or adversarial samples from clean in-distribution (ID) samples. However, this setting regards adversarial ID samples as OOD, leading to incorrect OOD predictions. Existing efforts on OOD detection with ID and OOD data under attacks are minimal. In this paper, we develop a robust OOD detection method that distinguishes adversarial ID samples from OOD ones. The sharp loss landscape created by adversarial training hinders model convergence, impacting the latent embedding quality for OOD score calculation. Therefore, we introduce a Sharpness-aware Geometric Defense (SaGD) framework to smooth out the rugged adversarial loss landscape in the projected latent geometry. Enhanced geometric embedding convergence enables accurate ID data characterization, benefiting OOD detection against adversarial attacks. We use Jitter-based perturbation in adversarial training to extend the defense ability against unseen attacks. Our SaGD framework significantly improves FPR and AUC over the state-of-the-art defense approaches in differentiating CIFAR-100 from six other OOD datasets under various attacks. We further examine the effects of perturbations at various adversarial training levels, revealing the relationship between the sharp loss landscape and adversarial OOD detection.
Related papers
- GOOD: Training-Free Guided Diffusion Sampling for Out-of-Distribution Detection [61.96025941146103]
GOOD is a novel framework that guides sampling trajectories towards OOD regions using off-the-shelf in-distribution (ID) classifiers. GOOD incorporates dual-level guidance: Image-level guidance based on the gradient of log partition to reduce input likelihood, drives samples toward low-density regions in pixel space. We introduce a unified OOD score that adaptively combines image and feature discrepancies, enhancing detection robustness.
arXiv Detail & Related papers (2025-10-20T03:58:46Z)
- HALO: Robust Out-of-Distribution Detection via Joint Optimisation [11.107924895663173]
Effective out-of-distribution (OOD) detection is crucial for the safe deployment of machine learning models in real-world scenarios. Recent work has shown that OOD detection methods are vulnerable to adversarial attacks, potentially leading to critical failures in high-stakes applications. We introduce an additional loss term which boosts classification and detection performance. Our approach, called HALO, surpasses existing methods and achieves state-of-the-art performance across a number of datasets and attack settings.
arXiv Detail & Related papers (2025-02-27T04:40:18Z)
- The Best of Both Worlds: On the Dilemma of Out-of-distribution Detection [75.65876949930258]
Out-of-distribution (OOD) detection is essential for model trustworthiness.
We show that the superior OOD detection performance of state-of-the-art methods is achieved by secretly sacrificing the OOD generalization ability.
arXiv Detail & Related papers (2024-10-12T07:02:04Z)
- Out-of-Distribution Data: An Acquaintance of Adversarial Examples -- A Survey [7.891552999555933]
Deep neural networks (DNNs) deployed in real-world applications can encounter out-of-distribution (OOD) data and adversarial examples.
Traditionally, research has addressed OOD detection and adversarial robustness as separate challenges.
This survey focuses on the intersection of these two areas, examining how the research community has investigated them together.
arXiv Detail & Related papers (2024-04-08T06:27:38Z)
- OOD Aware Supervised Contrastive Learning [13.329080722482187]
Out-of-Distribution (OOD) detection is a crucial problem for the safe deployment of machine learning models.
We leverage powerful representation learned with Supervised Contrastive (SupCon) training and propose a holistic approach to learn a robust to OOD data.
Our solution is simple and efficient and acts as a natural extension of the closed-set supervised contrastive representation learning.
arXiv Detail & Related papers (2023-10-03T10:38:39Z)
- Rethinking Out-of-distribution (OOD) Detection: Masked Image Modeling is All You Need [52.88953913542445]
We find surprisingly that simply using reconstruction-based methods could boost the performance of OOD detection significantly.
We take Masked Image Modeling as a pretext task for our OOD detection framework (MOOD)
arXiv Detail & Related papers (2023-02-06T08:24:41Z)
- Your Out-of-Distribution Detection Method is Not Robust! [0.4893345190925178]
Out-of-distribution (OOD) detection has recently gained substantial attention due to the importance of identifying out-of-domain samples in reliability and safety.
To mitigate this issue, several defenses have recently been proposed.
We re-examine these defenses against an end-to-end PGD attack on in/out data with larger perturbation sizes.
arXiv Detail & Related papers (2022-09-30T05:49:00Z)
- Provably Robust Detection of Out-of-distribution Data (almost) for free [124.14121487542613]
Deep neural networks are known to produce highly overconfident predictions on out-of-distribution (OOD) data.
In this paper we propose a novel method where from first principles we combine a certifiable OOD detector with a standard classifier into an OOD aware classifier.
In this way we achieve the best of two worlds: certifiably adversarially robust OOD detection, even for OOD samples close to the in-distribution, without loss in prediction accuracy and close to state-of-the-art OOD detection performance for non-manipulated OOD data.
arXiv Detail & Related papers (2021-06-08T11:40:49Z)
- ATOM: Robustifying Out-of-distribution Detection Using Outlier Mining [51.19164318924997]
Adversarial Training with informative Outlier Mining improves robustness of OOD detection.
ATOM achieves state-of-the-art performance under a broad family of classic and adversarial OOD evaluation tasks.
arXiv Detail & Related papers (2020-06-26T20:58:05Z)
- Robust Out-of-distribution Detection for Neural Networks [51.19164318924997]
We show that existing detection mechanisms can be extremely brittle when evaluating on in-distribution and OOD inputs.
We propose an effective algorithm called ALOE, which performs robust training by exposing the model to both adversarially crafted inlier and outlier examples.
arXiv Detail & Related papers (2020-03-21T17:46:28Z)