Training verified learners with learned verifiers

TL;DR

This paper introduces predictor-verifier training, a framework for developing neural networks that are provably verifiable, achieving state-of-the-art robustness and scalability to complex datasets like CIFAR-10.

Contribution

The paper presents a novel simultaneous training method for predictor and verifier networks, enabling verifiable robustness with faster training and scalability to larger datasets.

Findings

Achieves state-of-the-art verified robustness on MNIST and SVHN.

Scales to produce verifiably robust networks for CIFAR-10.

Reduces training time compared to previous methods.

Abstract

This paper proposes a new algorithmic framework, predictor-verifier training, to train neural networks that are verifiable, i.e., networks that provably satisfy some desired input-output properties. The key idea is to simultaneously train two networks: a predictor network that performs the task at hand,e.g., predicting labels given inputs, and a verifier network that computes a bound on how well the predictor satisfies the properties being verified. Both networks can be trained simultaneously to optimize a weighted combination of the standard data-fitting loss and a term that bounds the maximum violation of the property. Experiments show that not only is the predictor-verifier architecture able to train networks to achieve state of the art verified robustness to adversarial examples with much shorter training times (outperforming previous algorithms on small datasets like MNIST and SVHN), but it can also be scaled to produce the first known (to the best of our knowledge) verifiably robust networks for CIFAR-10.