Training Provably Robust Models by Polyhedral Envelope Regularization
Chen Liu, Mathieu Salzmann, Sabine Süsstrunk

TL;DR
This paper presents a new framework for certifiable neural network training that uses polyhedral envelopes to improve robustness guarantees against adversarial attacks, with minimal computational cost.
Contribution
It introduces polyhedral envelope regularization (PER), a novel method to enhance provable robustness across various network architectures and activation functions.
Findings
PER improves robustness guarantees compared to state-of-the-art methods.
The framework applies to different architectures and activation functions.
PER achieves better robustness with little additional computational overhead.
Abstract
Training certifiable neural networks enables one to obtain models with robustness guarantees against adversarial attacks. In this work, we introduce a framework to bound the adversary-free region in the neighborhood of the input data by a polyhedral envelope, which yields finer-grained certified robustness. We further introduce polyhedral envelope regularization (PER) to encourage larger polyhedral envelopes and thus improve the provable robustness of the models. We demonstrate the flexibility and effectiveness of our framework on standard benchmarks; it applies to networks of different architectures and general activation functions. Compared with the state-of-the-art methods, PER has very little computational overhead and better robustness guarantees without over-regularizing the model.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Neural Network Applications · Cardiac Arrest and Resuscitation
