CC-Cert: A Probabilistic Approach to Certify General Robustness of Neural Networks
Mikhail Pautov, Nurislam Tursynbek, Marina Munkhoeva, Nikita Muravev, Aleksandr Petiushko, Ivan Oseledets

TL;DR
This paper introduces CC-Cert, a probabilistic certification method that provides guarantees for neural network robustness against both traditional and semantic input perturbations, enhancing safety in real-world applications.
Contribution
It proposes a novel universal probabilistic certification approach using Chernoff-Cramer bounds applicable to general attack scenarios.
Findings
Supports theoretical guarantees with experimental validation
Effective against semantic perturbations like rotation and translation
Applicable to various datasets and attack types
Abstract
In safety-critical machine learning applications, it is crucial to defend models against adversarial attacks -- small modifications of the input that change the predictions. Besides rigorously studied -bounded additive perturbations, recently proposed semantic perturbations (e.g. rotation, translation) raise a serious concern about deploying ML systems in the real world. Therefore, it is important to provide provable guarantees for deep learning models against semantically meaningful input transformations. In this paper, we propose a new universal probabilistic certification approach based on Chernoff-Cramer bounds that can be used in general attack settings. We estimate the probability that a model fails if the attack is sampled from a certain distribution. Our theoretical findings are supported by experimental results on different datasets.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Explainable Artificial Intelligence (XAI) · Anomaly Detection Techniques and Applications
