DeepAI AI Chat
Log In Sign Up

CC-Cert: A Probabilistic Approach to Certify General Robustness of Neural Networks

09/22/2021
by   Mikhail Pautov, et al.
0

In safety-critical machine learning applications, it is crucial to defend models against adversarial attacks – small modifications of the input that change the predictions. Besides rigorously studied ℓ_p-bounded additive perturbations, recently proposed semantic perturbations (e.g. rotation, translation) raise a serious concern on deploying ML systems in real-world. Therefore, it is important to provide provable guarantees for deep learning models against semantically meaningful input transformations. In this paper, we propose a new universal probabilistic certification approach based on Chernoff-Cramer bounds that can be used in general attack settings. We estimate the probability of a model to fail if the attack is sampled from a certain distribution. Our theoretical findings are supported by experimental results on different datasets.

READ FULL TEXT

page 1

page 2

page 3

page 4

07/05/2022

PRoA: A Probabilistic Robustness Assessment against Functional Perturbations

In safety-critical deep learning applications robustness measurement is ...
06/22/2022

Robust Universal Adversarial Perturbations

Universal Adversarial Perturbations (UAPs) are imperceptible, image-agno...
04/21/2022

Robustness of Machine Learning Models Beyond Adversarial Attacks

Correctly quantifying the robustness of machine learning models is a cen...
09/19/2020

Efficient Certification of Spatial Robustness

Recent work has exposed the vulnerability of computer vision models to s...
05/31/2019

Real-Time Adversarial Attacks

In recent years, many efforts have demonstrated that modern machine lear...
12/06/2019

Achieving Robustness in the Wild via Adversarial Mixing with Disentangled Representations

Recent research has made the surprising finding that state-of-the-art de...
11/19/2020

An Experimental Study of Semantic Continuity for Deep Learning Models

Deep learning models suffer from the problem of semantic discontinuity: ...