Log In Sign Up

Probabilistic Safety for Bayesian Neural Networks

by   Matthew Wicker, et al.

We study probabilistic safety for Bayesian Neural Networks (BNNs) under adversarial input perturbations. Given a compact set of input points, T ⊆ R^m, we study the probability w.r.t. the BNN posterior that all the points in T are mapped to the same, given region S in the output space. In particular, this can be used to evaluate the probability that a network sampled from the BNN is vulnerable to adversarial attacks. We rely on relaxation techniques from non-convex optimization to develop a method for computing a lower bound on probabilistic safety for BNNs, deriving explicit procedures for the case of interval and linear function propagation techniques. We apply our methods to BNNs trained on a regression task, airborne collision avoidance, and MNIST, empirically showing that our approach allows one to certify probabilistic safety of BNNs with thousands of neurons.


Bayesian Inference with Certifiable Adversarial Robustness

We consider adversarial training of deep neural networks through the len...

Sampled Nonlocal Gradients for Stronger Adversarial Attacks

The vulnerability of deep neural networks to small and even imperceptibl...

Second-Order Provable Defenses against Adversarial Attacks

A robustness certificate is the minimum distance of a given input to the...

Grid-Free Computation of Probabilistic Safety with Malliavin Calculus

We work with continuous-time, continuous-space stochastic dynamical syst...

Efficient Formal Safety Analysis of Neural Networks

Neural networks are increasingly deployed in real-world safety-critical ...

Probabilistic Verification and Reachability Analysis of Neural Networks via Semidefinite Programming

Quantifying the robustness of neural networks or verifying their safety ...

Adversarial Attacks on Probabilistic Autoregressive Forecasting Models

We develop an effective generation of adversarial attacks on neural mode...