Certified Training: Small Boxes are All You NeedDownload PDF

Mark Niklas Mueller, Franziska Eckert, Marc Fischer, Martin Vechev

Published: 21 Nov 2022, Last Modified: 21 Apr 2024TSRML2022Readers: Everyone
Keywords: Certified Training, Certified Robustness, Adversarial Robustness, Robustness Verification
TL;DR: We propose a novel certified training method based on propagating small input regions, establishing a new state of the art for certified accuracy.
Abstract: We propose the novel certified training method, SABR, which outperforms existing methods across perturbation magnitudes on MNIST, CIFAR-10, and TinyImageNet, in terms of both standard and certifiable accuracies. The key insight behind SABR is that propagating interval bounds for a small but carefully selected subset of the adversarial input region is sufficient to approximate the worst-case loss over the whole region while significantly reducing approximation errors. SABR does not only establish a new state-of-the-art in all commonly used benchmarks but more importantly, points to a new class of certified training methods promising to overcome the robustness-accuracy trade-off.
Community Implementations: [![CatalyzeX](/images/catalyzex_icon.svg) 1 code implementation](https://www.catalyzex.com/paper/arxiv:2210.04871/code)
4 Replies