TL;DR
This paper introduces new metrics and an algorithm for measuring neural network robustness, demonstrating improved evaluation and robustness enhancement on MNIST and CIFAR-10 datasets.
Contribution
It proposes a novel linear programming-based approach to quantify neural net robustness and shows how it can be used to improve robustness beyond existing methods.
Findings
The new metrics provide more informative robustness estimates.
The algorithm outperforms existing methods in estimating robustness.
The techniques improve neural network robustness according to multiple metrics.
Abstract
Despite having high accuracy, neural nets have been shown to be susceptible to adversarial examples, where a small perturbation to an input can cause it to become mislabeled. We propose metrics for measuring the robustness of a neural net and devise a novel algorithm for approximating these metrics based on an encoding of robustness as a linear program. We show how our metrics can be used to evaluate the robustness of deep neural nets with experiments on the MNIST and CIFAR-10 datasets. Our algorithm generates more informative estimates of robustness metrics compared to estimates based on existing algorithms. Furthermore, we show how existing approaches to improving robustness "overfit" to adversarial examples generated using a specific algorithm. Finally, we show that our techniques can be used to additionally improve neural net robustness both according to the metrics that we propose,…
