Robustness Verification of ReLU Networks via Quadratic Programming

MLJ 2022 pp. 2407-2433

doi:10.1007/S10994-022-06132-9 /mlj/2022/kuvshinov2022mlj-robustness/

Abstract

Neural networks are known to be sensitive to adversarial perturbations. To investigate this undesired behavior we consider the problem of computing the distance to the decision boundary (DtDB) from a given sample for a deep neural net classifier. In this work we present a procedure where we solve a convex quadratic programming (QP) task to obtain a lower bound on the DtDB. This bound is used as a robustness certificate of the classifier around a given sample. We show that our approach provides better or competitive results in comparison with a wide range of existing techniques.

PDF MLJ Semantic Scholar

Cite

Text

Kuvshinov and Günnemann. "Robustness Verification of ReLU Networks via Quadratic Programming." Machine Learning, 2022. doi:10.1007/S10994-022-06132-9

Markdown

[Kuvshinov and Günnemann. "Robustness Verification of ReLU Networks via Quadratic Programming." Machine Learning, 2022.](https://mlanthology.org/mlj/2022/kuvshinov2022mlj-robustness/) doi:10.1007/S10994-022-06132-9

BibTeX

@article{kuvshinov2022mlj-robustness,
  title     = {{Robustness Verification of ReLU Networks via Quadratic Programming}},
  author    = {Kuvshinov, Aleksei and Günnemann, Stephan},
  journal   = {Machine Learning},
  year      = {2022},
  pages     = {2407-2433},
  doi       = {10.1007/S10994-022-06132-9},
  volume    = {111},
  url       = {https://mlanthology.org/mlj/2022/kuvshinov2022mlj-robustness/}
}