Wasserstein distributionally robust optimization (WDRO) provides a framework for adversarial robustness, yet existing methods based on global Lipschitz continuity or strong duality often yield loose upper bounds or require prohibitive computation. In this work, we address these limitations by introducing a primal approach and adopting a notion of exact Lipschitz certificate to tighten the WDRO upper bound. In addition, we propose a novel Wasserstein distributional attack (WDA) that directly constructs a candidate for the worst-case distribution. Compared to existing point-wise attacks and their variants, our WDA offers greater flexibility in the number and location of attack points. In particular, by leveraging the piecewise-affine structure of ReLU networks on their activation cells, our approach yields an exact, tractable characterization of the corresponding WDRO problem. Extensive evaluations demonstrate that our method achieves competitive robust accuracy against state-of-the-art baselines while offering tighter certificates than existing methods. Our code is available at https://github.com/OLab-Repo/WDA