Conference Proceedings

Double Bubble, Toil and Trouble: Enhancing Certified Robustness through Transitivity

AC Cullen, P Montague, S Liu, SM Erfani, BIP Rubinstein

Advances in Neural Information Processing Systems 35 (NeurIPS 2022) | NeurIPS | Published: 2022

Abstract

In response to subtle adversarial examples flipping classifications of neural network models, recent research has promoted certified robustness as a solution. There, invariance of predictions to all norm-bounded attacks is achieved through randomised smoothing of network inputs. Today's state-of-the-art certifications make optimal use of the class output scores at the input instance under test: no better radius of certification (under the L2 norm) is possible given only these scores. However, it is an open question as to whether such lower bounds can be improved using local information around the instance under test. In this work, we demonstrate how today's “optimal” certificates can be impro..

Grants

Awarded by Australian Research Council


Funding Acknowledgements

This research was undertaken using the LIEF HPC-GPGPU Facility hosted at the University of Melbourne. This Facility was established with the assistance of LIEF Grant LE170100200. This work was also supported in part by the Australian Department of Defence Next Generation Technologies Fund, as part of the CSIRO/Data61 CRP AMLC project. Sarah Erfani is in part supported by Australian Research Council (ARC) Discovery Early Career Researcher Award (DECRA) DE220100680.