Despite the success of deep learning-based algorithms, it is widely known that neural networks may fail to be robust. A popular paradigm to enforce robustness is adversarial training (AT), however, this introduces many computational and theoretical difficulties. Recent works have developed a connection between AT in the multiclass classification setting and multimarginal optimal transport (MOT), unlocking a new set of tools to study this problem. In this paper, we leverage the MOT connection to propose computationally tractable numerical algorithms for computing universal lower bounds on the optimal adversarial risk and identifying optimal classifiers. We propose two main algorithms based on linear programming (LP) and entropic regularization (Sinkhorn). Our key insight is that one can harmlessly truncate the higher order interactions between classes, preventing the combinatorial run times typically encountered in MOT problems. We validate these results with experiments on MNIST and CIFAR-$10$, which demonstrate the tractability of our approach.

翻译：尽管基于深度学习的算法取得了成功，但众所周知神经网络可能缺乏鲁棒性。提升鲁棒性的一种流行范式是对抗训练（AT），然而这带来了许多计算和理论上的困难。近期研究建立了多分类设置下对抗训练与多边缘最优传输（MOT）之间的联系，为研究该问题解锁了新工具集。本文利用这种MOT关联，提出了计算对抗最优风险普遍下界及识别最优分类器的可计算数值算法。我们基于线性规划（LP）和熵正则化（Sinkhorn）提出两种主要算法。关键洞察在于可无害地截断类别间的高阶交互作用，从而避免MOT问题中常见的组合爆炸计算复杂度。通过MNIST和CIFAR-10数据集上的实验验证了该方法的可行性。