IEEE Transactions on Neural Networks and Learning Systems (TNNLS)

© 2022 IEEE

"Training Provably Robust Models by Polyhedral Envelope Regularization," by Chen Liu, Mathieu Salzmann, and Sabine Süsstrunk, published in IEEE Transactions on Neural Networks and Learning Systems (TNNLS).

Training certifiable neural networks enables us to obtain models with robustness guarantees against adversarial attacks. In this work, we introduce a framework that obtains a provable adversarial-free region in the neighborhood of the input data via a polyhedral envelope, which yields more fine-grained certified robustness than existing methods. We further introduce polyhedral envelope regularization (PER) to encourage larger adversarial-free regions and thus improve the provable robustness of the models. We demonstrate the flexibility and effectiveness of our framework on standard benchmarks; it applies to networks of different architectures and with general activation functions. Compared with state-of-the-art methods, PER has negligible computational overhead; it achieves better robustness guarantees and accuracy on clean data in various settings.
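To illustrate the general idea of regularizing a certified adversarial-free region, the sketch below shows a generic margin-based penalty under a linearized model: each class-margin function is approximated by a hyperplane, the distance from the input to that hyperplane lower-bounds the adversarial-free radius, and a hinge loss penalizes distances below a target. All names (`certified_l2_distances`, `per_loss`, `gamma`) and the specific formulation are illustrative assumptions, not the exact PER objective from the paper.

```python
import numpy as np

def certified_l2_distances(margins, grad_norms, eps=1e-12):
    """Distance from the input to each linearized decision hyperplane.

    margins:    g_i(x) = f_y(x) - f_i(x) for each non-true class i (assumed > 0
                when correctly classified).
    grad_norms: l2 norms of the linearized gradients of g_i at x.
    The ratio margin / ||grad|| is the l2 distance to the hyperplane g_i = 0,
    a lower bound on the adversarial-free radius under the linear model.
    """
    margins = np.asarray(margins, dtype=float)
    grad_norms = np.asarray(grad_norms, dtype=float)
    return margins / (grad_norms + eps)

def per_loss(margins, grad_norms, gamma=0.5):
    """Hinge penalty encouraging every certified distance to exceed gamma.

    Distances already above gamma contribute nothing; smaller distances are
    pushed outward, enlarging the certified adversarial-free region.
    """
    d = certified_l2_distances(margins, grad_norms)
    return float(np.mean(np.maximum(0.0, gamma - d)))

# Example: one constraint is already certified beyond gamma, one is not.
loss = per_loss(margins=[1.0, 0.2], grad_norms=[2.0, 2.0], gamma=0.5)
# distances are [0.5, 0.1]; hinge terms are [0.0, 0.4]; mean loss is 0.2
```

In practice the margins and gradients would come from linear bounds propagated through the network rather than being supplied directly; this sketch only conveys how a geometric certificate can be turned into a differentiable regularizer.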

References

C. Liu, M. Salzmann, and S. Süsstrunk, "Training Provably Robust Models by Polyhedral Envelope Regularization," IEEE Transactions on Neural Networks and Learning Systems, doi: 10.1109/TNNLS.2021.3111892.