Robustness against Adversarial Attacks in Neural Networks using Incremental Dissipativity
Bernardo Aquino, Arash Rahnama, Peter Seiler, Lizhen Lin, Vijay Gupta

TL;DR
This paper introduces a novel robustness certificate for neural networks based on incremental dissipativity, providing formal guarantees against adversarial attacks and demonstrating improved resilience on standard datasets.
Contribution
It proposes an incremental dissipativity-based robustness certificate expressed as a linear matrix inequality, scalable to multi-layer neural networks, with demonstrated empirical improvements.
Findings
Enhanced robustness against adversarial attacks on MNIST and CIFAR-10.
Scalable spectral norm bound for robustness certification.
Formal guarantees provided by the dissipativity-based certificate.
Abstract
Adversarial examples can easily degrade the classification performance in neural networks. Empirical methods for promoting robustness to such examples have been proposed, but often lack both analytical insights and formal guarantees. Recently, some robustness certificates have appeared in the literature based on system-theoretic notions. This work proposes an incremental dissipativity-based robustness certificate for neural networks in the form of a linear matrix inequality for each layer. We also propose an equivalent spectral norm bound for this certificate which is scalable to neural networks with multiple layers. We demonstrate the improved performance against adversarial attacks on a feed-forward neural network trained on MNIST and an AlexNet trained using CIFAR-10.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Memory and Neural Computing · Machine Learning in Materials Science
