In this paper we introduce a provably stable architecture for Neural Ordinary Differential
Equations (ODEs) which achieves non-trivial adversarial robustness under white-box
adversarial attacks even when the network is trained naturally. For most existing defense
methods withstanding strong white-box attacks, to improve robustness of neural networks,
they need to be trained adversarially, hence have to strike a trade-off between natural
accuracy and adversarial robustness. Inspired by dynamical system theory, we design a …

In this paper we introduce a provably stable architecture for Neural Ordinary Differential
Equations (ODEs) which achieves non-trivial adversarial robustness under white-box
adversarial attacks even when the network is trained naturally. For most existing defense
methods withstanding strong white-box attacks, to improve robustness of neural networks,
they need to be trained adversarially, hence have to strike a trade-off between natural
accuracy and adversarial robustness. Inspired by dynamical system theory, we design a …