On the Effectiveness of Interval Bound Propagation for Training Verifiably Robust Models

10/30/2018
by   Sven Gowal, et al.
0

Recent works have shown that it is possible to train models that are verifiably robust to norm-bounded adversarial perturbations. While these recent methods show promise, they remain hard to scale and difficult to tune. This paper investigates how interval bound propagation (IBP) using simple interval arithmetic can be exploited to train verifiably robust neural networks that are surprisingly effective. While IBP itself has been studied in prior work, our contribution is in showing that, with an appropriate loss and careful tuning of hyper-parameters, verified training with IBP leads to a fast and stable learning algorithm. We compare our approach with recent techniques, and train classifiers that improve on the state-of-the-art in single-model adversarial robustness: we reduce the verified error rate from 3.67 (with ℓ_∞ perturbations of ϵ = 0.1), from 19.32 MNIST (at ϵ = 0.3), and from 78.22 ϵ = 8/255).

READ FULL TEXT

page 11

page 12

research
03/16/2022

On the Convergence of Certified Robust Training with Interval Bound Propagation

Interval Bound Propagation (IBP) is so far the base of state-of-the-art ...
research
06/03/2019

Fast and Stable Interval Bounds Propagation for Training Verifiably Robust Models

We present an efficient technique, which allows to train classification ...
research
06/29/2022

IBP Regularization for Verified Adversarial Robustness via Branch-and-Bound

Recent works have tried to increase the verifiability of adversarially t...
research
04/01/2021

Towards Evaluating and Training Verifiably Robust Neural Networks

Recent works have shown that interval bound propagation (IBP) can be use...
research
09/03/2019

Achieving Verified Robustness to Symbol Substitutions via Interval Bound Propagation

Neural networks are part of many contemporary NLP systems, yet their emp...
research
02/02/2023

On the Robustness of Randomized Ensembles to Adversarial Perturbations

Randomized ensemble classifiers (RECs), where one classifier is randomly...
research
10/22/2018

Cost-Sensitive Robustness against Adversarial Examples

Several recent works have developed methods for training classifiers tha...

Please sign up or login with your details

Forgot password? Click here to reset