Deterministic Gaussian Averaged Neural Networks
Ryan Campbell, Chris Finlay, Adam M Oberman

TL;DR
This paper introduces a deterministic approach to compute Gaussian averages of neural networks, enabling efficient certification of model robustness against adversarial attacks without stochastic sampling.
Contribution
A novel deterministic method for Gaussian averaging in neural networks that matches stochastic methods in robustness certification while requiring only one inference pass.
Findings
Achieves comparable certified accuracy to randomized smoothing
Requires only a single model evaluation during inference
Provides robustness certification for both regression and classification models
Abstract
We present a deterministic method to compute the Gaussian average of neural networks used in regression and classification. Our method is based on an equivalence between training with a particular regularized loss, and the expected values of Gaussian averages. We use this equivalence to certify models which perform well on clean data but are not robust to adversarial perturbations. In terms of certified accuracy and adversarial robustness, our method is comparable to known stochastic methods such as randomized smoothing, but requires only a single model evaluation during inference.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Explainable Artificial Intelligence (XAI) · Anomaly Detection Techniques and Applications
