What problem does this paper attempt to address?

The problem that this paper attempts to solve is to improve the robustness of the Deep Equilibrium (DEQ) model under adversarial attacks. Specifically, the author points out that although the DEQ model performs well in various practical scenarios, its adversarial robustness has not been fully studied and optimized. Existing works mainly improve the robustness of the DEQ model through the widely - used Adversarial Training (AT) framework, but these methods fail to fully utilize the unique structural characteristics of the DEQ model. Therefore, the goal of the paper is to further enhance its adversarial robustness by explicitly regulating the neural dynamic process in the DEQ model. ### Main contributions of the paper 1. **Neural dynamics perspective**: - The author reinterprets the DEQ model from the perspective of neural dynamics and finds that existing adversarial training methods mainly focus on the final equilibrium state and insufficiently regulate the intermediate states. This leads to the fact that even after adversarial training, the intermediate states of the DEQ model are still vulnerable to attacks. 2. **Input entropy reduction framework**: - In order to reduce the prediction entropy, the author proposes a method of gradually updating the input. By gradually adjusting the input during the testing phase, the intermediate states of the model gradually tend to a low - entropy state, thereby improving the robustness of the model. Specifically, the author defines an optimization framework that gradually updates the input through the gradient descent method to reduce the prediction entropy of the final state. 3. **Random intermediate - state loss calculation**: - In addition to gradually updating the input during the testing phase, the author also proposes to use randomly selected intermediate states to calculate the loss function during the training phase. This method can explicitly regulate the intermediate states without violating the memory constraints of the DEQ model. In this way, the model can exhibit higher robustness under adversarial attacks. ### Experimental results - **Benchmark comparison**: - The author conducted extensive experiments on the CIFAR - 10 dataset to compare the robustness of traditional deep networks (such as ResNet - 18) and the DEQ model. The results show that after using the method proposed by the author, the robustness of the DEQ model is significantly improved and even exceeds the performance of strong baseline models (such as ResNet - 18). - **Intermediate - state attack**: - The author also conducted comprehensive intermediate - state attack experiments to verify the effectiveness of intermediate - state attacks. Compared with off - the - shelf attack methods, intermediate - state attacks can always reduce the white - box adversarial robustness of the model to a greater extent. ### Conclusion By explicitly regulating the neural dynamic process in the DEQ model, this paper successfully improves the robustness of the DEQ model under adversarial attacks. These methods not only perform excellently on the standard white - box adversarial robustness evaluation benchmark but also show stronger robustness in intermediate - state attacks. This research result provides new ideas and methods for the future robustness optimization of the DEQ model.