Provable Certificates for Adversarial Examples: Fitting a Ball in the Union of Polytopes

March 20, 2019 · Entered Twilight · 🏛 Neural Information Processing Systems

"Last commit was 6.0 years ago (≥5 year threshold)"

Evidence collected by the PWNC Scanner

Repo contents: .gitignore, README.md, __init__.py, _polytope_.py, assets, convex_adversarial, data, domains.py, examples, full_lp.py, geocert.py, geocert_batch.py, mip_verify.py, mister_ed, plnn.py, requirements.txt, utilities.py

Authors Matt Jordan, Justin Lewis, Alexandros G. Dimakis arXiv ID 1903.08778 Category cs.LG: Machine Learning Cross-listed cs.CR, stat.ML Citations 60 Venue Neural Information Processing Systems Repository https://github.com/revbucket/geometric-certificates ⭐ 42 Last Checked 2 months ago

Abstract

We propose a novel method for computing exact pointwise robustness of deep neural networks for all convex $\ell_p$ norms. Our algorithm, GeoCert, finds the largest $\ell_p$ ball centered at an input point $x_0$, within which the output class of a given neural network with ReLU nonlinearities remains unchanged. We relate the problem of computing pointwise robustness of these networks to that of computing the maximum norm ball with a fixed center that can be contained in a non-convex polytope. This is a challenging problem in general, however we show that there exists an efficient algorithm to compute this for polyhedral complices. Further we show that piecewise linear neural networks partition the input space into a polyhedral complex. Our algorithm has the ability to almost immediately output a nontrivial lower bound to the pointwise robustness which is iteratively improved until it ultimately becomes tight. We empirically show that our approach generates distance lower bounds that are tighter compared to prior work, under moderate time constraints.