
CC-Cert: A Probabilistic Approach to Certify General Robustness of Neural Networks

by Mikhail Pautov, et al.

In safety-critical machine learning applications, it is crucial to defend models against adversarial attacks – small modifications of the input that change the predictions. Besides the rigorously studied ℓ_p-bounded additive perturbations, recently proposed semantic perturbations (e.g. rotation, translation) raise serious concerns about deploying ML systems in the real world. It is therefore important to provide provable guarantees for deep learning models against semantically meaningful input transformations. In this paper, we propose a new universal probabilistic certification approach based on Chernoff-Cramér bounds that can be used in general attack settings. We estimate the probability that a model fails when the attack is sampled from a given distribution. Our theoretical findings are supported by experimental results on different datasets.
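To make the idea concrete, here is a minimal sketch of this style of probabilistic certification: sample perturbation parameters from the attack distribution, evaluate a failure statistic, and upper-bound the failure probability with a Chernoff-Cramér bound whose moment generating function is estimated empirically. The toy model, the rotation attack, and all names below are illustrative assumptions, not the paper's actual construction.

```python
import numpy as np

def chernoff_bound(samples, t, lambdas):
    """Chernoff-Cramer upper bound on P(X >= t):
    P(X >= t) <= min over lambda of exp(-lambda*t) * E[exp(lambda*X)],
    with the expectation replaced by an empirical mean."""
    return min(np.exp(-lam * t) * np.mean(np.exp(lam * samples))
               for lam in lambdas)

rng = np.random.default_rng(0)

# Toy "model": a linear classifier sign(w . x) on 2D inputs.
w = np.array([1.0, 0.0])
x = np.array([1.0, 0.2])  # input whose true label is +1

def rotate(point, theta):
    # Semantic perturbation: rotate the input by angle theta.
    c, s = np.cos(theta), np.sin(theta)
    return np.array([c * point[0] - s * point[1],
                     s * point[0] + c * point[1]])

# Attack distribution: Gaussian random rotation angles.
thetas = rng.normal(0.0, 0.4, size=10_000)

# Failure statistic: +1 if the rotated input is misclassified, -1 otherwise.
losses = np.array([-np.sign(w @ rotate(x, th)) for th in thetas])

# Empirical failure rate vs. the Chernoff-style certified upper bound.
empirical_failure = np.mean(losses >= 1.0)
bound = chernoff_bound(losses, t=1.0, lambdas=np.linspace(0.01, 5.0, 50))
```

By construction the optimized bound dominates the empirical failure rate; in a real certificate one would additionally account for the sampling error in the empirical moment generating function.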



