Matt Jordan, Justin Lewis, Alexandros G. Dimakis
Published 2019-03-20Version 1
We propose a novel method for computing exact pointwise robustness of deep neural networks for a number of $\ell_p$ norms. Our algorithm, GeoCert, finds the largest $\ell_p$ ball centered at an input point $x_0$, within which the output class of a given neural network with ReLU nonlinearities remains unchanged. We relate the problem of computing pointwise robustness of these networks to that of growing a norm ball inside a non-convex polytope. This is a challenging problem in general, as we discuss; however, we prove a useful structural result about the geometry of the piecewise linear components of ReLU networks. This result allows for an efficient convex decomposition of the problem. Specifically we show that if polytopes satisfy a technical condition that we call being 'perfectly-glued', then we can find the largest ball inside their union in polynomial time. Our method is efficient and can certify pointwise robustness for any norm where p is greater or equal to 1.
Comments: Code can be found here: https://github.com/revbucket/geometric-certificates
Improving the Adversarial Robustness and Interpretability of Deep Neural Networks by Regularizing their Input Gradients
AI-GAN: Attack-Inspired Generation of Adversarial Examples
A unified view on differential privacy and robustness to adversarial examples
![QR code for arXiv:1903.08778 [cs.LG]](http://oss.arxitics.com/images/favicon.svg)