Provable Instance Specific Robustness via Linear Constraints

Ahmed Imtiaz Humayun; Josue Casco-Rodriguez; Randall Balestriero; Richard Baraniuk

Provable Instance Specific Robustness via Linear Constraints

Ahmed Imtiaz Humayun, Josue Casco-Rodriguez, Randall Balestriero, Richard Baraniuk

Published: 20 Jun 2023, Last Modified: 07 Aug 2023AdvML-Frontiers 2023EveryoneRevisionsBibTeX

Keywords: Provable robustness, imbalanced data, splinecam

TL;DR: We present a provable method to ensure class-specific robustness, without any adversarial training

Abstract: Deep Neural Networks (DNNs) trained for classification tasks are vulnerable to adversarial attacks. But not all the classes are equally vulnerable. Adversarial training does not make all classes or groups equally robust as well. For example, in classification tasks with long-tailed distributions, classes are asymmetrically affected during adversarial training, with lower robust accuracy for less frequent classes. In this regard, we propose a provable robustness method by leveraging the continuous piecewise-affine (CPA) nature of DNNs. Our method can impose linearity constraints on the decision boundary, as well as the DNN CPA partition, without requiring any adversarial training. Using such constraints, we show that the margin between the decision boundary and minority classes can be increased in a provable manner. We also present qualitative and quantitative validation of our method for class-specific robustness.

Submission Number: 93

Loading