Probably Approximately Global Robustness Certification
By: Peter Blohm, Patrick Indri, Thomas Gärtner, and more
Potential Business Impact:
Makes AI safer by checking how often small input tricks can fool it.
We propose and investigate probabilistic guarantees for the adversarial robustness of classification algorithms. While traditional formal verification approaches for robustness are intractable and sampling-based approaches do not provide formal guarantees, our approach is able to efficiently certify a probabilistic relaxation of robustness. The key idea is to sample an $\epsilon$-net and invoke a local robustness oracle on the sample. Remarkably, the size of the sample needed to achieve probably approximately global robustness guarantees is independent of the input dimensionality, the number of classes, and the learning algorithm itself. Our approach can, therefore, be applied even to large neural networks that are beyond the scope of traditional formal verification. Experiments confirm that it characterizes robustness better than state-of-the-art sampling-based approaches and scales better than formal methods.
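To make the sampling idea concrete, here is a minimal Python sketch of the certification loop. It assumes a standard one-sided PAC-style sample bound $m \geq \ln(1/\delta)/\theta$ (the paper's exact bound and net construction may differ), and the names `sample_input` and `local_oracle` are hypothetical placeholders for a sampler over the input distribution and a local robustness verifier (e.g., a formal $\epsilon$-ball certifier).

```python
import math

def certify_probably_approximately_robust(sample_input, local_oracle,
                                           theta=0.01, delta=1e-3):
    """Sketch of probably approximately global robustness certification.

    Assumption (standard one-sided PAC bound, not necessarily the
    paper's exact statement): if all m >= ln(1/delta) / theta i.i.d.
    samples pass the local robustness oracle, then with probability
    >= 1 - delta the measure of non-robust inputs is at most theta.
    Note that m is independent of the input dimensionality, the number
    of classes, and the classifier itself.
    """
    m = math.ceil(math.log(1.0 / delta) / theta)
    for _ in range(m):
        x = sample_input()        # draw x i.i.d. from the input distribution
        if not local_oracle(x):   # e.g., formally verify the eps-ball around x
            return False          # counterexample found: no certificate issued
    return True                   # certified: probably approximately robust
```

For example, with $\theta = 0.01$ and $\delta = 0.001$ this requires about 691 samples, each checked by one oracle call; the only model-dependent cost is the per-sample oracle invocation, which is why the approach can scale to networks beyond the reach of exact global verification.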
Similar Papers
Get Global Guarantees: On the Probabilistic Nature of Perturbation Robustness
Machine Learning (CS)
Makes AI safer by testing where it makes mistakes.
Verifying rich robustness properties for neural networks
Logic in Computer Science
Makes AI decisions more trustworthy and reliable.
Certified but Fooled! Breaking Certified Defences with Ghost Certificates
Machine Learning (CS)
Shows how attackers can fool certified AI defenses.