Provable Robustness Against All Adversarial $l_p$-Perturbations for $p\geq 1$

Croce, Francesco; Hein, Matthias

Provable Robustness Against All Adversarial $l_p$-Perturbations for $p\geq 1$

ICLR 2020

/iclr/2020/croce2020iclr-provable/

Abstract

In recent years several adversarial attacks and defenses have been proposed. Often seemingly robust models turn out to be non-robust when more sophisticated attacks are used. One way out of this dilemma are provable robustness guarantees. While provably robust models for specific $l_p$-perturbation models have been developed, we show that they do not come with any guarantee against other $l_q$-perturbations. We propose a new regularization scheme, MMR-Universal, for ReLU networks which enforces robustness wrt $l_1$- \textit{and} $l_\infty$-perturbations and show how that leads to the first provably robust models wrt any $l_p$-norm for $p\geq 1$.

PDF ICLR Semantic Scholar

Cite

Text

Croce and Hein. "Provable Robustness Against All Adversarial $l_p$-Perturbations for $p\geq 1$." International Conference on Learning Representations, 2020.

Markdown

[Croce and Hein. "Provable Robustness Against All Adversarial $l_p$-Perturbations for $p\geq 1$." International Conference on Learning Representations, 2020.](https://mlanthology.org/iclr/2020/croce2020iclr-provable/)

BibTeX

@inproceedings{croce2020iclr-provable,
  title     = {{Provable Robustness Against All Adversarial $l_p$-Perturbations for $p\geq 1$}},
  author    = {Croce, Francesco and Hein, Matthias},
  booktitle = {International Conference on Learning Representations},
  year      = {2020},
  url       = {https://mlanthology.org/iclr/2020/croce2020iclr-provable/}
}