CC-CERT: A Probabilistic Approach to Certify General Robustness of Neural Networks

Abstract

In safety-critical machine learning applications, it is crucial to defend models against adversarial attacks --- small modifications of the input that change the predictions. Besides rigorously studied $\ell_p$-bounded additive perturbations, semantic perturbations (e.g. rotation, translation) raise a serious concern about deploying ML systems in the real world. Therefore, it is important to provide provable guarantees for deep learning models against semantically meaningful input transformations. In this paper, we propose a new universal probabilistic certification approach based on Chernoff-Cramer bounds that can be used in general attack settings. We estimate the probability that a model fails when the attack is sampled from a given distribution. Our theoretical findings are supported by experimental results on different datasets.

Cite

Text

Pautov et al. "CC-CERT: A Probabilistic Approach to Certify General Robustness of Neural Networks." AAAI Conference on Artificial Intelligence, 2022. doi:10.1609/AAAI.V36I7.20768

Markdown

[Pautov et al. "CC-CERT: A Probabilistic Approach to Certify General Robustness of Neural Networks." AAAI Conference on Artificial Intelligence, 2022.](https://mlanthology.org/aaai/2022/pautov2022aaai-cc/) doi:10.1609/AAAI.V36I7.20768

BibTeX

@inproceedings{pautov2022aaai-cc,
  title     = {{CC-CERT: A Probabilistic Approach to Certify General Robustness of Neural Networks}},
  author    = {Pautov, Mikhail and Tursynbek, Nurislam and Munkhoeva, Marina and Muravev, Nikita and Petiushko, Aleksandr and Oseledets, Ivan V.},
  booktitle = {AAAI Conference on Artificial Intelligence},
  year      = {2022},
  pages     = {7975--7983},
  doi       = {10.1609/AAAI.V36I7.20768},
  url       = {https://mlanthology.org/aaai/2022/pautov2022aaai-cc/}
}