Name
Abstract | ||
|---|---|---|
CLEVER (Cross-Lipschitz Extreme Value for nEtwork Robustness) is an Extreme Value Theory (EVT) based robustness score for large-scale deep neural networks (DNNs). In this paper, we propose two extensions on this robustness score. First, we provide a new formal robustness guarantee for classifier functions that are twice differentiable. We apply extreme value theory on the new formal robustness guarantee and the estimated robustness is called second-order CLEVER score. Second, we discuss how to handle gradient masking, a common defensive technique, using CLEVER with Backward Pass Differentiable Approximation (BPDA). With BPDA applied, CLEVER can evaluate the intrinsic robustness of neural networks of a broader class-networks with non-differentiable input transformations. We demonstrate the effectiveness of CLEVER with BPDA in experiments on a 121-layer Densenet model trained on the ImageNet dataset. |
Year | Venue | Keywords |
|---|---|---|
2018 | IEEE Global Conference on Signal and Information Processing | Adversarial Examples,Deep Learning,Robustness Evaluation |
DocType | Volume | ISSN |
Conference | abs/1810.08640 | 2376-4066 |
Citations | PageRank | References |
0 | 0.34 | 0 |
Authors | ||
6 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Tsui-Wei Weng | 1 | 75 | 7.35 |
| Huan Zhang | 2 | 327 | 23.01 |
| Pin-Yu Chen | 3 | 646 | 74.59 |
| Aurelie C. Lozano | 4 | 145 | 20.21 |
| Cho-Jui Hsieh | 5 | 5034 | 291.05 |
| Luca Daniel | 6 | 497 | 50.96 |