Robustness Certification with Refinement

Gagandeep Singh; Timon Gehr; Markus Püschel; Martin Vechev

Robustness Certification with Refinement

Gagandeep Singh, Timon Gehr, Markus Püschel, Martin Vechev

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We present a novel approach for the certification of neural networks against adversarial perturbations which combines scalable overapproximation methods with precise (mixed integer) linear programming. This results in significantly better precision than state-of-the-art verifiers on challenging feedforward and convolutional neural networks with piecewise linear activation functions.

Original language	English (US)
Title of host publication	International Conference on Learning Representations
State	Published - 2019
Externally published	Yes

Keywords

Robustness certification
Verification of Neural Networks
MILP Solvers
Abstract Interpretation
Adversarial Attacks

Online availability

https://openreview.net/forum?id=HJgeEh09KQ

Library availability

Discover UIUC Full Text

Cite this

@inproceedings{9da70316c4bf4437b97295332a5d98f5,

title = "Robustness Certification with Refinement",

abstract = "We present a novel approach for the certification of neural networks against adversarial perturbations which combines scalable overapproximation methods with precise (mixed integer) linear programming. This results in significantly better precision than state-of-the-art verifiers on challenging feedforward and convolutional neural networks with piecewise linear activation functions.",

keywords = "Robustness certification, Verification of Neural Networks, MILP Solvers, Abstract Interpretation, Adversarial Attacks",

author = "Gagandeep Singh and Timon Gehr and Markus P{\"u}schel and Martin Vechev",

year = "2019",

language = "English (US)",

booktitle = "International Conference on Learning Representations",

}

TY - GEN

T1 - Robustness Certification with Refinement

AU - Singh, Gagandeep

AU - Gehr, Timon

AU - Püschel, Markus

AU - Vechev, Martin

PY - 2019

Y1 - 2019

N2 - We present a novel approach for the certification of neural networks against adversarial perturbations which combines scalable overapproximation methods with precise (mixed integer) linear programming. This results in significantly better precision than state-of-the-art verifiers on challenging feedforward and convolutional neural networks with piecewise linear activation functions.

AB - We present a novel approach for the certification of neural networks against adversarial perturbations which combines scalable overapproximation methods with precise (mixed integer) linear programming. This results in significantly better precision than state-of-the-art verifiers on challenging feedforward and convolutional neural networks with piecewise linear activation functions.

KW - Robustness certification

KW - Verification of Neural Networks

KW - MILP Solvers

KW - Abstract Interpretation

KW - Adversarial Attacks

M3 - Conference contribution

BT - International Conference on Learning Representations

ER -

Robustness Certification with Refinement

Abstract

Keywords

Online availability

Library availability

Fingerprint

Cite this