DeformRS: Certifying Input Deformations with Randomized Smoothing

Authors

  • Motasem Alfarra King Abdullah University of Science and Technology (KAUST)
  • Adel Bibi University of Oxford
  • Naeemullah Khan University of Oxford
  • Philip H.S. Torr University of Oxford
  • Bernard Ghanem King Abdullah University of Science and Technology (KAUST)

DOI:

https://doi.org/10.1609/aaai.v36i6.20546

Keywords:

Machine Learning (ML), Computer Vision (CV)

Abstract

Deep neural networks are vulnerable to input deformations in the form of vector fields of pixel displacements and to other parameterized geometric deformations e.g. translations, rotations, etc. Current input deformation certification methods either (i) do not scale to deep networks on large input datasets, or (ii) can only certify a specific class of deformations, e.g. only rotations. We reformulate certification in randomized smoothing setting for both general vector field and parameterized deformations and propose DeformRS-VF and DeformRS-Par, respectively. Our new formulation scales to large networks on large input datasets. For instance, DeformRS-Par certifies rich deformations, covering translations, rotations, scaling, affine deformations, and other visually aligned deformations such as ones parameterized by Discrete-Cosine-Transform basis. Extensive experiments on MNIST, CIFAR10, and ImageNet show competitive performance of DeformRS-Par achieving a certified accuracy of 39\% against perturbed rotations in the set [-10 degree, 10 degree] on ImageNet.
AAAI-22 Proceedings Cover

Downloads

Published

2022-06-28

How to Cite

Alfarra, M., Bibi, A., Khan, N., Torr, P. H., & Ghanem, B. (2022). DeformRS: Certifying Input Deformations with Randomized Smoothing. Proceedings of the AAAI Conference on Artificial Intelligence, 36(6), 6001-6009. https://doi.org/10.1609/aaai.v36i6.20546

Issue

Vol. 36 No. 6: AAAI-22 Technical Tracks 6

Section

AAAI Technical Track on Machine Learning I