On extensions of clever: A neural network robustness evaluation algorithm

Tsui Wei Weng, Huan Zhang, Pin Yu Chen, Aurelie Lozano, Cho Jui Hsieh, Luca Daniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

CLEVER (Cross-Lipschitz Extreme Value for nEtwork Robustness) is an Extreme Value Theory (EVT) based robustness score for large-scale deep neural networks (DNNs). In this paper, we propose two extensions on this robustness score. First, we provide a new formal robustness guarantee for classifier functions that are twice differentiable. We apply extreme value theory on the new formal robustness guarantee and the estimated robustness is called second-order CLEVER score. Second, we discuss how to handle gradient masking, a common defensive technique, using CLEVER with Backward Pass Differentiable Approximation (BPDA). With BPDA applied, CLEVER can evaluate the intrinsic robustness of neural networks of a broader class - networks with non-differentiable input transformations. We demonstrate the effectiveness of CLEVER with BPDA in experiments on a 121-layer Densenet model trained on the ImageNet dataset.

Original languageEnglish (US)
Title of host publication2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1159-1163
Number of pages5
ISBN (Electronic)9781728112954
DOIs
StatePublished - Jul 2 2018
Externally publishedYes
Event2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Anaheim, United States
Duration: Nov 26 2018Nov 29 2018

Publication series

Name2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings

Conference

Conference2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018
Country/TerritoryUnited States
CityAnaheim
Period11/26/1811/29/18

Keywords

  • Adversarial Examples
  • Deep Learning
  • Robustness Evaluation

ASJC Scopus subject areas

  • Information Systems
  • Signal Processing

Fingerprint

Dive into the research topics of 'On extensions of clever: A neural network robustness evaluation algorithm'. Together they form a unique fingerprint.

Cite this