Contrastive ECOC: Learning Output Codes for Adversarial Defense
Published on arXiv: 2508.10491
OWASP ML Top 10: ML01 (Input Manipulation Attack)
Key Finding
Proposed contrastive ECOC models demonstrate superior robustness to adversarial attacks (FGSM, PGD, C&W) compared to two ECOC baselines across four datasets.
Novel technique introduced: Contrastive ECOC / ACL-PF
Although one-hot encoding is commonly used for multiclass classification, it is not always the most effective encoding mechanism. Error Correcting Output Codes (ECOC) address multiclass classification by mapping each class to a unique codeword used as a label. Traditional ECOC methods rely on manually designed or randomly generated codebooks, which are labor-intensive and may yield suboptimal, dataset-agnostic results. This paper introduces three models for automated codebook learning based on contrastive learning, allowing codebooks to be learned directly and adaptively from data. Across four datasets, our proposed models demonstrate superior robustness to adversarial attacks compared to two baselines. The source is available at https://github.com/YuChou20/Automated-Codebook-Learning-with-Error-Correcting-Output-Code-Technique.
Key Contributions
- Three automated codebook learning (ACL) models that learn dataset-specific ECOC codebooks via contrastive learning, replacing manual/random codebook design
- Integration of row separation loss and column separation loss into a contrastive learning framework (SimCLR-based) to maximize codeword distinctiveness
- Demonstrated superior adversarial robustness against FGSM, PGD, and C&W attacks compared to manually designed and randomly generated ECOC baselines on four datasets
🛡️ Threat Analysis
The paper explicitly targets defense against adversarial input manipulation attacks (FGSM, PGD, C&W); its motivation and its evaluation both concern adversarial robustness at inference time. The proposed ECOC codebook acts as a structural defense layer that leverages error-correction properties to absorb adversarial perturbations.
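The error-correction property described above, as an added example (not code from the paper or its repository): nearest-codeword decoding over a constructed 4-class, 7-bit codebook, with row and column separation computed as plain Hamming-distance measures. The codebook and all function names are illustrative assumptions; the paper's learned codebooks and its loss definitions are not reproduced here.

```python
from itertools import combinations

# Constructed 4-class, 7-bit codebook for illustration (not from the paper).
CODEBOOK = {
    "class0": (1, 1, 1, 1, 1, 1, 1),
    "class1": (0, 0, 0, 0, 1, 1, 1),
    "class2": (0, 0, 1, 1, 0, 0, 1),
    "class3": (0, 1, 0, 1, 0, 1, 0),
}

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def min_row_distance(codebook):
    """Smallest Hamming distance between any two class codewords."""
    return min(hamming(a, b) for a, b in combinations(codebook.values(), 2))

def min_column_separation(codebook):
    """Smallest distance between any two bit columns, counting a column and
    its complement as identical; 0 means two bit classifiers are redundant."""
    cols = list(zip(*codebook.values()))
    return min(
        min(hamming(c1, c2), len(c1) - hamming(c1, c2))
        for c1, c2 in combinations(cols, 2)
    )

def correctable_bits(codebook):
    """Bit flips that nearest-codeword decoding is guaranteed to absorb."""
    return (min_row_distance(codebook) - 1) // 2

def decode(bits, codebook):
    """Return (label, distance, tied): nearest codeword, its distance, and
    whether another codeword is equally close (an ambiguous decode)."""
    dists = {label: hamming(bits, cw) for label, cw in codebook.items()}
    label = min(dists, key=dists.get)
    tied = list(dists.values()).count(dists[label]) > 1
    return label, dists[label], tied

def flip(bits, positions):
    """Simulate perturbed bit outputs by inverting the given positions."""
    return tuple(b ^ 1 if i in positions else b for i, b in enumerate(bits))

if __name__ == "__main__":
    print("min row distance:", min_row_distance(CODEBOOK))
    print("min column separation:", min_column_separation(CODEBOOK))
    print("guaranteed correctable flips:", correctable_bits(CODEBOOK))
    clean = CODEBOOK["class1"]
    print("1 flip :", decode(flip(clean, {0}), CODEBOOK))
    print("2 flips:", decode(flip(clean, {2, 3}), CODEBOOK))
```

A tied decode is worth logging at inference time: it marks an output that sits outside the codebook's guaranteed correction radius.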