TL;DR: This paper conducts a careful study of conformal prediction under attack: it provides an efficient framework for robust conformal prediction and introduces a powerful robustness auditing process for vanilla conformal prediction.
Abstract: Conformal Prediction (CP) has proven to be an effective post-hoc method for improving the trustworthiness of neural networks by providing prediction sets with finite-sample guarantees. However, under adversarial attacks, classical conformal guarantees no longer hold: this problem is addressed in the field of Robust Conformal Prediction. Several methods have been proposed to provide robust CP sets with guarantees under adversarial perturbations, but, for large-scale problems, these sets are either too large or the methods are too computationally demanding to be deployed in real-life scenarios. In this work, we propose a new method that leverages Lipschitz-bounded networks to precisely and efficiently estimate robust CP sets. When combined with a 1-Lipschitz robust network, we demonstrate that our *lip-rcp* method outperforms state-of-the-art results in both the size of the robust CP sets and computational efficiency in medium- and large-scale scenarios such as ImageNet. Taking a different angle, we also study vanilla CP under attack, and derive new worst-case coverage bounds for vanilla CP sets, which are valid simultaneously for all adversarial attack levels. Our *lip-rcp* method makes this second approach as efficient as vanilla CP while also allowing robustness guarantees.
Lay Summary: Most AI models make pointwise predictions (e.g. a label in classification) without a reliable notion of uncertainty. Conformal Prediction replaces these pointwise predictions by sets (in classification) or intervals (in regression) with a rigorous sense of uncertainty. These sets can, however, exhibit pathological behaviour when someone deliberately tweaks their inputs in a way that is imperceptible to the human eye. Existing fixes give overly cautious answers (conformal sets so big they’re uninformative) or are too slow to run on real-world tasks like classifying millions of images.
We introduce *lip-rcp*, a lightweight method that wraps around specially designed “smooth” neural networks, whose sensitivity to input changes is strictly enforced. By leveraging this built-in stability, our method computes trustworthy and informative “confidence sets” (the range of labels the model can safely include) much faster and with minimal overhead compared to prior approaches. We also prove new worst-case guarantees for vanilla conformal prediction, showing exactly how reliable it remains under any attack level.
*lip-rcp* brings provable safety and efficiency to large-scale vision tasks without sacrificing speed, making it practical to deploy AI systems that are robust to malicious attacks—an important step toward more robust, trustworthy machine learning.
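The principle behind Lipschitz-based robust CP, as an added toy example (not the paper's lip-rcp implementation): when every logit is 1-Lipschitz in the l2 norm, a perturbation of l2 norm eps moves each nonconformity score by at most eps, so adding eps to the calibrated split-CP threshold gives a set guaranteed to contain every label of the clean vanilla set, and hence to keep its coverage under any such attack. The linear unit-row-norm "network" W, the synthetic data and the threshold-inflation rule are this example's assumptions, not details taken from the paper.

```python
import math
import random

# Constructed linear "network" f(x) = W x with unit-norm rows, so every logit
# f_y is 1-Lipschitz in the l2 norm; it stands in for a 1-Lipschitz classifier.
W = [[1.0, 0.0], [0.0, 1.0], [-0.6, -0.8]]

def score(x, y):
    """Nonconformity score of label y at x: the negated logit, also 1-Lipschitz."""
    return -sum(w * v for w, v in zip(W[y], x))

def conformal_quantile(scores, alpha):
    """Split-CP threshold: the ceil((n + 1)(1 - alpha))-th smallest calibration score."""
    n, k = len(scores), math.ceil((len(scores) + 1) * (1 - alpha))
    return math.inf if k > n else sorted(scores)[k - 1]

def prediction_set(x, threshold):
    return {y for y in range(len(W)) if score(x, y) <= threshold}

def worst_case_input(x, y, eps):
    """l2 perturbation of norm eps that raises the score of label y the most."""
    return [v - eps * w for v, w in zip(x, W[y])]

def run_experiment(alpha=0.1, eps=0.3, n_cal=500, n_test=2000, seed=0):
    rng = random.Random(seed)
    def sample():  # constructed data: lowest-score label, with 10% label noise
        x = [rng.gauss(0.0, 1.0), rng.gauss(0.0, 1.0)]
        y = min(range(len(W)), key=lambda c: score(x, c))
        return x, (rng.randrange(len(W)) if rng.random() < 0.1 else y)
    cal = [sample() for _ in range(n_cal)]
    q = conformal_quantile([score(x, y) for x, y in cal], alpha)
    q_robust = q + 1.0 * eps  # Lipschitz constant (1) times the attack budget
    hits = {"vanilla_clean": 0, "vanilla_adv": 0, "robust_adv": 0, "robust_size": 0}
    containment = True
    for _ in range(n_test):
        x, y = sample()
        x_adv = worst_case_input(x, y, eps)
        clean, adv = prediction_set(x, q), prediction_set(x_adv, q)
        robust = prediction_set(x_adv, q_robust)
        hits["vanilla_clean"] += y in clean
        hits["vanilla_adv"] += y in adv
        hits["robust_adv"] += y in robust
        hits["robust_size"] += len(robust)
        # Lipschitz bound: any label in the clean vanilla set stays in the robust set.
        containment &= clean <= robust
    out = {k: v / n_test for k, v in hits.items()}
    out["containment_holds"] = containment
    return out
```

Running `run_experiment()` reports clean vanilla coverage, vanilla coverage on the worst-case inputs (which drops), robust coverage on the same inputs (which does not drop below the clean vanilla coverage) and the average robust set size, the price paid for the guarantee.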
Link To Code: https://github.com/deel-ai-papers/lip-rcp
Primary Area: Deep Learning->Robustness
Keywords: robustness, conformal prediction, uncertainty quantification, lipschitz networks
Submission Number: 1309