Name
Abstract | ||
|---|---|---|
Training neural networks with verifiable robustness guarantees is challenging. Several existing approaches utilize linear relaxation based neural network output bounds under perturbation, but they can slow down training by a factor of hundreds depending on the underlying network architectures. Meanwhile, interval bound propagation (IBP) based training is efficient and significantly outperforms linear relaxation based methods on many tasks, yet it may suffer from stability issues since the bounds are much looser especially at the beginning of training. In this paper, we propose a new certified adversarial training method, CROWN-IBP, by combining the fast IBP bounds in a forward bounding pass and a tight linear relaxation based bound, CROWN, in a backward bounding pass. CROWN-IBP is computationally efficient and consistently outperforms IBP baselines on training verifiably robust neural networks. We conduct large scale experiments on MNIST and CIFAR datasets, and outperform all previous linear relaxation and bound propagation based certified defenses in L_inf robustness.
Notably, we achieve 7.02% verified test error on MNIST at epsilon=0.3, and 66.94% on CIFAR-10 with epsilon=8/255. |
Year | Venue | Keywords |
|---|---|---|
2019 | CoRR | Robust Neural Networks, Verifiable Training, Certified Adversarial Defense |
DocType | Volume | Citations |
Journal | abs/1906.06316 | 0 |
PageRank | References | Authors |
0.34 | 0 | 6 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Huan Zhang | 1 | 327 | 23.01 |
| Hongge Chen | 2 | 36 | 4.58 |
| Chaowei Xiao | 3 | 345 | 17.77 |
| Bo Li | 4 | 971 | 111.71 |
| Duane Boning | 5 | 201 | 49.37 |
| Cho-Jui Hsieh | 6 | 5034 | 291.05 |