This repository provides the implementation of OTAD on CIFAR-10, demonstrating two defense variants:
- OTAD-T: Solves the convex integral problem exactly via LP + QCQP (MOSEK solver).
- OTAD-T-NN: Approximates the CIP solution using a neural network (CIPNet).
OTAD/
├── models/
│ ├── layers.py # Transformer encoder blocks
│ ├── vit.py # ViT, ViT_feat, EmbedLayer, Attention
│ ├── models.py # BasicBlock, CNNBlock, DMLResNet
│ └── cipnet.py # CIPNet
├── solvers/
│ ├── mosek_potential.py # LP solver (convex potential)
│ └── mosek_test.py # QCQP solver (OT map)
├── BPDA.py # BPDA wrapper and PGD attack
├── prepare_data.py # Extract OT data from ViT backbone
├── train_dml.py # Train DML ResNet for neighbor retrieval
├── prepare_cip_data.py # Generate CIP training data
├── train_cipnet.py # Train CIPNet
├── eval_pgd.py # Evaluate under PGD attack (Linf + L2)
└── eval_autoattack.py # Evaluate under AutoAttack (Linf + L2)
- Python 3.8+
- PyTorch
- torchvision
- mosek (Obtain a license in https://www.mosek.com/downloads/)
- pytorch-metric-learning
- autoattack
Extract embeddings and encoder outputs from the pretrained ViT backbone:
python prepare_data.pyTrain the deep metric learning network for neighbor retrieval:
python train_dml.pySolve LP + QCQP for training samples to create supervision data:
python prepare_cip_data.pyTrain the neural network to approximate CIP solutions:
python train_cipnet.pyBPDA + PGD Attack:
python eval_pgd.py --defense otad-t --gpu 0
python eval_pgd.py --defense otad-t-nn --gpu 0AutoAttack (OTAD-T-NN only):
python eval_autoattack.py --gpu 0Place pretrained model weights in ./checkpoints/:
vit_cifar10.pth— ViT backbonedml_resnet.pth— DML ResNet (generated bytrain_dml.py)cipnet.pth— CIPNet (generated bytrain_cipnet.py)
If you find this work useful, please cite:
@article{gai2026otad,
title={OTAD: An Optimal Transport-Induced Robust Model for Agnostic Adversarial Attack},
author={Kuo Gai and Sicong Wang and Shihua Zhang},
year={2026},
journal={arXiv preprint arXiv:2408.00329}
}