Adversarial Boot Camp: label free certified robustness in one epoch
Ryan Campbell, Chris Finlay, Adam M Oberman

TL;DR
This paper introduces a deterministic method for certifying robustness in machine learning models against adversarial attacks, achieving results on ImageNet-1k with just one epoch of training without label data.
Contribution
It presents a novel deterministic certification approach based on regularized loss and Gaussian averages, enabling label-free training for robust models in a single epoch.
Findings
Achieved certified robustness on ImageNet-1k.
Revealed equivalence between regularized training and Gaussian averages.
Performed robust training without label information in one epoch.
Abstract
Machine learning models are vulnerable to adversarial attacks. One approach to addressing this vulnerability is certification, which focuses on models that are guaranteed to be robust for a given perturbation size. A drawback of recent certified models is that they are stochastic: they require multiple computationally expensive model evaluations with random noise added to a given input. In our work, we present a deterministic certification approach which results in a certifiably robust model. This approach is based on an equivalence between training with a particular regularized loss, and the expected values of Gaussian averages. We achieve certified models on ImageNet-1k by retraining a model with this loss for one epoch without the use of label information.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Machine Learning and Algorithms · Domain Adaptation and Few-Shot Learning
