Training Provably Robust Models by Polyhedral Envelope Regularization

被引：6

作者：

Liu, Chen ^{[1
]}

Salzmann, Mathieu ^{[1
]}

Susstrunk, Sabine ^{[1
]}

机构：

[1] Ecole Polytech Fed Lausanne EPFL, Sch Comp & Commun Sci, CH-1015 Lausanne, Switzerland

来源：

IEEE TRANSACTIONS ON NEURAL NETWORKS AND LEARNING SYSTEMS | 2023年 / 34卷 / 06期

关键词：

Robustness; Training; Predictive models; Computational modeling; Standards; Smoothing methods; Recurrent neural networks; Adversarial training; provable robustness;

D O I：

10.1109/TNNLS.2021.3111892

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Training certifiable neural networks enables us to obtain models with robustness guarantees against adversarial attacks. In this work, we introduce a framework to obtain a provable adversarial-free region in the neighborhood of the input data by a polyhedral envelope, which yields more fine-grained certified robustness than existing methods. We further introduce polyhedral envelope regularization (PER) to encourage larger adversarial-free regions and thus improve the provable robustness of the models. We demonstrate the flexibility and effectiveness of our framework on standard benchmarks; it applies to networks of different architectures and with general activation functions. Compared with state of the art, PER has negligible computational overhead; it achieves better robustness guarantees and accuracy on the clean data in various settings.

引用

页码：3146 / 3160

页数：15

共 51 条

[41]

Vechev M., 2020, 8 INT C LEARN REPR I, P1

[42]

Wang SQ, 2018, ADV NEUR IN, V31

[43]

Weng TW, 2018, PR MACH LEARN RES, V80

[44]

Wong E, 2018, ADV NEUR IN, V31

[45]

Wong E, 2018, PR MACH LEARN RES, V80

[46]

Wu DX, 2020, ADV NEUR IN, V33

[47]

Xiao C., 2020, INT C LEARN REPR

[48]

Xiao K, 2019, IEEE ICC

[49]

Zhang DH, 2019, ADV NEUR IN, V32

[50]

Zhang H., 2020, PROC INT C LEARN REP

← 1 2 3 4 5 6 →