We introduce a new class of optimal-transport-regularized divergences, $D^c$, constructed via an infimal convolution between an information divergence, $D$, and an optimal-transport (OT) cost, $C$, and study their use in distributionally robust optimization (DRO). In particular, we propose the $ARMOR_D$ methods as novel approaches to enhancing the adversarial robustness of deep learning models. These DRO-based methods are defined by minimizing the maximum expected loss over a $D^c$-neighborhood of the empirical distribution of the training data. Viewed as a tool for constructing adversarial samples, our method allows samples to be both transported, according to the OT cost, and re-weighted, according to the information divergence; the addition of a principled and dynamical adversarial re-weighting on top of adversarial sample transport is a key innovation of $ARMOR_D$. $ARMOR_D$ can be viewed as a generalization of the best-performing loss functions and OT costs in the adversarial training literature; we demonstrate this flexibility by using $ARMOR_D$ to augment the UDR, TRADES, and MART methods and obtain improved performance on CIFAR-10 and CIFAR-100 image recognition. Specifically, augmenting with $ARMOR_D$ leads to 1.9\% and 2.1\% improvement against AutoAttack, a powerful ensemble of adversarial attacks, on CIFAR-10 and CIFAR-100 respectively. To foster reproducibility, we made the code accessible at https://github.com/star-ailab/ARMOR.

翻译：我们引入了一类新的最优传输正则化散度$D^c$，其通过信息散度$D$与最优传输成本$C$之间的下确界卷积构造，并研究了它们在分布鲁棒优化中的应用。具体而言，我们提出了$ARMOR_D$方法作为增强深度学习模型对抗鲁棒性的新途径。这些基于DRO的方法定义为在训练数据经验分布的$D^c$邻域内最小化最大期望损失。将我们的方法视为构建对抗样本的工具时，它允许样本既可根据最优传输成本进行迁移，也可根据信息散度进行重加权；在对抗样本迁移基础上增加原则性且动态的对抗重加权是$ARMOR_D$的核心创新。$ARMOR_D$可视为对抗训练文献中最佳性能损失函数与最优传输成本的泛化；我们通过使用$ARMOR_D$增强UDR、TRADES和MART方法，并在CIFAR-10和CIFAR-100图像识别任务上获得性能提升，展示了这种灵活性。具体而言，使用$ARMOR_D$增强后，在对抗攻击集成方法AutoAttack上，CIFAR-10和CIFAR-100的鲁棒准确率分别提升1.9%和2.1%。为促进可复现性，代码已公开于https://github.com/star-ailab/ARMOR。