Certified Training: Small Boxes are All You Need


Date

2023-02-01

Publication Type

Conference Paper

ETH Bibliography

yes

Abstract

To obtain deterministic guarantees of adversarial robustness, specialized training methods are used. We propose SABR, a novel such certified training method, based on the key insight that propagating interval bounds for a small but carefully selected subset of the adversarial input region is sufficient to approximate the worst-case loss over the whole region while significantly reducing approximation errors. We show in an extensive empirical evaluation that SABR outperforms existing certified defenses in terms of both standard and certifiable accuracies across perturbation magnitudes and datasets, pointing to a new class of certified training methods promising to alleviate the robustness-accuracy trade-off.

Publication status

published

Book title

The Eleventh International Conference on Learning Representations

Publisher

OpenReview

Event

11th International Conference on Learning Representations (ICLR 2023)

Subject

Certified Training; Certified Robustness; Adversarial Robustness; Robustness Verification

Organisational unit

03948 - Vechev, Martin / Vechev, Martin

Funding

101070617/22.00164 - European Lighthouse on Secure and Safe AI (SBFI)
MB22.00088 - SafeAI: Certified Safe, Fair and Robust Artificial Intelligence (SBFI)