Boosting Robustness Certification of Neural NetworksDownload PDF

Published: 21 Dec 2018, Last Modified: 05 May 2023ICLR 2019 Conference Blind SubmissionReaders: Everyone
Abstract: We present a novel approach for the certification of neural networks against adversarial perturbations which combines scalable overapproximation methods with precise (mixed integer) linear programming. This results in significantly better precision than state-of-the-art verifiers on challenging feedforward and convolutional neural networks with piecewise linear activation functions.
Keywords: Robustness certification, Adversarial Attacks, Abstract Interpretation, MILP Solvers, Verification of Neural Networks
TL;DR: We refine the over-approximation results from incomplete verifiers using MILP solvers to prove more robustness properties than state-of-the-art.
Data: [MNIST](
8 Replies