SoK: Certified Robustness for Deep Neural Networks
Linyi Li, Tao Xie, Bo Li

TL;DR
This paper systematically reviews certifiably robust methods for defending deep neural networks against adversarial attacks, providing a taxonomy, benchmarking, and insights into their strengths, limitations, and future directions.
Contribution
It offers the first comprehensive benchmark and taxonomy of certifiably robust approaches, analyzing their characteristics, limitations, and connections, along with an open-source evaluation platform.
Findings
Benchmark results for 20+ approaches across datasets
Insights into strengths and limitations of certifiable methods
Identification of future research challenges
Abstract
Great advances in deep neural networks (DNNs) have led to state-of-the-art performance on a wide range of tasks. However, recent studies have shown that DNNs are vulnerable to adversarial attacks, which have brought great concerns when deploying these models to safety-critical applications such as autonomous driving. Different defense approaches have been proposed against adversarial attacks, including: a) empirical defenses, which can usually be adaptively attacked again without providing robustness certification; and b) certifiably robust approaches, which consist of robustness verification providing the lower bound of robust accuracy against any attacks under certain conditions and corresponding robust training approaches. In this paper, we systematize certifiably robust approaches and related practical and theoretical implications and findings. We also provide the first…
