Data-Driven Certification of Neural Networks with Random Input Noise

TL;DR

This paper introduces a novel probabilistic certification method for neural network robustness against random input noise, using chance-constrained optimization and sample-based reformulation, validated on multiple datasets.

Contribution

It presents a new approach to certify neural network robustness under stochastic noise by formulating a tractable chance-constrained optimization problem with theoretical guarantees.

Findings

Certifies robustness over larger uncertainty regions than previous methods.

Provides convex conditions and sample complexity bounds for the certification.

Demonstrates effectiveness on synthetic, MNIST, and CIFAR-10 datasets.

Abstract

Methods to certify the robustness of neural networks in the presence of input uncertainty are vital in safety-critical settings. Most certification methods in the literature are designed for adversarial or worst-case inputs, but researchers have recently shown a need for methods that consider random input noise. In this paper, we examine the setting where inputs are subject to random noise coming from an arbitrary probability distribution. We propose a robustness certification method that lower-bounds the probability that network outputs are safe. This bound is cast as a chance-constrained optimization problem, which is then reformulated using input-output samples to make the optimization constraints tractable. We develop sufficient conditions for the resulting optimization to be convex, as well as on the number of samples needed to make the robustness bound hold with overwhelming probability. We show for a special case that the proposed optimization reduces to an intuitive closed-form solution. Case studies on synthetic, MNIST, and CIFAR-10 networks experimentally demonstrate that this method is able to certify robustness against various input noise regimes over larger uncertainty regions than prior state-of-the-art techniques.