Cross-Input Certified Training for Universal Perturbations
Changming Xu, Gagandeep Singh

TL;DR
This paper introduces CITRUS, a new certified training method that makes neural networks robust against universal adversarial perturbations (UAPs), improving standard accuracy and achieving state-of-the-art certified UAP accuracy.
Contribution
CITRUS is a novel certified training approach specifically designed to defend against universal adversarial perturbations, outperforming existing methods in accuracy and robustness.
Findings
Outperforms traditional certified training methods on standard accuracy by up to 10.3%.
Achieves state-of-the-art certified UAP accuracy.
Shown effective in evaluation across different datasets, architectures, and perturbation magnitudes.
Abstract
Existing work in trustworthy machine learning primarily focuses on single-input adversarial perturbations. In many real-world attack scenarios, input-agnostic adversarial attacks, e.g. universal adversarial perturbations (UAPs), are much more feasible. Current certified training methods train models robust to single-input perturbations but achieve suboptimal clean and UAP accuracy, thereby limiting their applicability in practical applications. We propose a novel method, CITRUS, for certified training of networks robust against UAP attackers. We show in an extensive evaluation across different datasets, architectures, and perturbation magnitudes that our method outperforms traditional certified training methods on standard accuracy (up to 10.3%) and achieves SOTA performance on the more practical certified UAP accuracy metric.
Taxonomy
Topics: Simulation Techniques and Applications
