Fast Training of Provably Robust Neural Networks by SingleProp

Authors

  • Akhilan Boopathy Massachusetts Institute of Technology
  • Lily Weng Massachusetts Institute of Technology
  • Sijia Liu MIT-IBM Watson AI Lab, IBM Research
  • Pin-Yu Chen MIT-IBM Watson AI Lab, IBM Research
  • Gaoyuan Zhang MIT-IBM Watson AI Lab, IBM Research
  • Luca Daniel Massachusetts Institute of Technology

DOI:

https://doi.org/10.1609/aaai.v35i8.16840

Keywords:

Adversarial Learning & Robustness

Abstract

Recent works have developed several methods of defending neural networks against adversarial attacks with certified guarantees. However, these techniques can be computationally costly due to the use of certification during training. We develop a new regularizer that is both more efficient than existing certified defenses, requiring only one additional forward propagation through a network, and can be used to train networks with similar certified accuracy. Through experiments on MNIST and CIFAR-10 we demonstrate improvements in training speed and comparable certified accuracy compared to state-of-the-art certified defenses.
AAAI-21 Proceedings Cover

Downloads

Published

2021-05-18

How to Cite

Boopathy, A., Weng, L., Liu, S., Chen, P.-Y., Zhang, G., & Daniel, L. (2021). Fast Training of Provably Robust Neural Networks by SingleProp. Proceedings of the AAAI Conference on Artificial Intelligence, 35(8), 6803-6811. https://doi.org/10.1609/aaai.v35i8.16840

Issue

Vol. 35 No. 8: AAAI-21 Technical Tracks 8

Section

AAAI Technical Track on Machine Learning I