CC-CERT: A Probabilistic Approach to Certify General Robustness of Neural Networks

Authors

  • Mikhail Pautov, Skolkovo Institute of Science and Technology
  • Nurislam Tursynbek, Skolkovo Institute of Science and Technology
  • Marina Munkhoeva, Skolkovo Institute of Science and Technology
  • Nikita Muravev, Lomonosov MSU; Huawei Moscow Research Center
  • Aleksandr Petiushko, Lomonosov MSU; Huawei Moscow Research Center; AIRI, Moscow
  • Ivan Oseledets, Skolkovo Institute of Science and Technology

DOI:

https://doi.org/10.1609/aaai.v36i7.20768

Keywords:

Machine Learning (ML)

Abstract

In safety-critical machine learning applications, it is crucial to defend models against adversarial attacks: small modifications of the input that change the predictions. Besides the rigorously studied $\ell_p$-bounded additive perturbations, semantic perturbations (e.g. rotation, translation) raise a serious concern about deploying ML systems in the real world. Therefore, it is important to provide provable guarantees for deep learning models against semantically meaningful input transformations. In this paper, we propose a new universal probabilistic certification approach based on Chernoff-Cramér bounds that can be used in general attack settings. We estimate the probability that a model fails if the attack is sampled from a certain distribution. Our theoretical findings are supported by experimental results on different datasets.

Published

2022-06-28

How to Cite

Pautov, M., Tursynbek, N., Munkhoeva, M., Muravev, N., Petiushko, A., & Oseledets, I. (2022). CC-CERT: A Probabilistic Approach to Certify General Robustness of Neural Networks. Proceedings of the AAAI Conference on Artificial Intelligence, 36(7), 7975-7983. https://doi.org/10.1609/aaai.v36i7.20768

Section

AAAI Technical Track on Machine Learning II