Towards Stable and Efficient Training of Verifiably Robust Neural Networks

TL;DR

This paper introduces CROWN-IBP, a new training method that combines interval bound propagation and linear relaxation to efficiently train neural networks with verifiable robustness, outperforming previous methods on MNIST and CIFAR datasets.

Contribution

The paper proposes CROWN-IBP, a novel certified adversarial training approach that combines IBP and linear relaxation for improved efficiency and robustness in neural network training.

Findings

CROWN-IBP outperforms IBP baselines in training verifiably robust networks.

Achieves 7.02% verified error on MNIST at ε=0.3.

Achieves 66.94% verified error on CIFAR-10 at ε=8/255.

Abstract

Training neural networks with verifiable robustness guarantees is challenging. Several existing approaches utilize linear relaxation based neural network output bounds under perturbation, but they can slow down training by a factor of hundreds depending on the underlying network architectures. Meanwhile, interval bound propagation (IBP) based training is efficient and significantly outperforms linear relaxation based methods on many tasks, yet it may suffer from stability issues since the bounds are much looser especially at the beginning of training. In this paper, we propose a new certified adversarial training method, CROWN-IBP, by combining the fast IBP bounds in a forward bounding pass and a tight linear relaxation based bound, CROWN, in a backward bounding pass. CROWN-IBP is computationally efficient and consistently outperforms IBP baselines on training verifiably robust neural networks. We conduct large scale experiments on MNIST and CIFAR datasets, and outperform all previous linear relaxation and bound propagation based certified defenses in $\ell_\infty$ robustness. Notably, we achieve 7.02% verified test error on MNIST at $\epsilon=0.3$, and 66.94% on CIFAR-10 with $\epsilon=8/255$. Code is available at https://github.com/deepmind/interval-bound-propagation (TensorFlow) and https://github.com/huanzhang12/CROWN-IBP (PyTorch).