Boosting Robustness Certification of Neural Networks

Gagandeep Singh; Timon Gehr; Markus Püschel; Martin Vechev

Boosting Robustness Certification of Neural Networks

Gagandeep Singh, Timon Gehr, Markus Püschel, Martin Vechev

Published: 21 Dec 2018, Last Modified: 05 May 2023ICLR 2019 Conference Blind SubmissionReaders: Everyone

Abstract: We present a novel approach for the certification of neural networks against adversarial perturbations which combines scalable overapproximation methods with precise (mixed integer) linear programming. This results in significantly better precision than state-of-the-art verifiers on challenging feedforward and convolutional neural networks with piecewise linear activation functions.

Keywords: Robustness certification, Adversarial Attacks, Abstract Interpretation, MILP Solvers, Verification of Neural Networks

TL;DR: We refine the over-approximation results from incomplete verifiers using MILP solvers to prove more robustness properties than state-of-the-art.

Data: [MNIST](https://paperswithcode.com/dataset/mnist)

8 Replies

Loading