# Statistical Guarantees for the Robustness of Bayesian Neural Networks

**Authors:** Luca Cardelli, Marta Kwiatkowska, Luca Laurenti, Nicola Paoletti,, Andrea Patane, and Matthew Wicker

arXiv: 1903.01980 · 2019-03-06

## TL;DR

This paper proposes a probabilistic robustness measure for Bayesian Neural Networks, enabling the quantification of adversarial vulnerability with statistical guarantees, and compares various inference techniques on image classification datasets.

## Contribution

It introduces a new probabilistic robustness measure for BNNs and a framework to estimate it with statistical guarantees, advancing robustness verification methods.

## Key findings

- The framework provides statistical guarantees for robustness estimates.
- Experimental results compare inference techniques on MNIST and GTSRB datasets.
- Quantifies uncertainty of BNN predictions in adversarial scenarios.

## Abstract

We introduce a probabilistic robustness measure for Bayesian Neural Networks (BNNs), defined as the probability that, given a test point, there exists a point within a bounded set such that the BNN prediction differs between the two. Such a measure can be used, for instance, to quantify the probability of the existence of adversarial examples. Building on statistical verification techniques for probabilistic models, we develop a framework that allows us to estimate probabilistic robustness for a BNN with statistical guarantees, i.e., with a priori error and confidence bounds. We provide experimental comparison for several approximate BNN inference techniques on image classification tasks associated to MNIST and a two-class subset of the GTSRB dataset. Our results enable quantification of uncertainty of BNN predictions in adversarial settings.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1903.01980/full.md

## Figures

8 figures with captions in the complete paper: https://tomesphere.com/paper/1903.01980/full.md

## References

32 references — full list in the complete paper: https://tomesphere.com/paper/1903.01980/full.md

---
Source: https://tomesphere.com/paper/1903.01980