
Gaussian Loss Smoothing Enables Certified Training with Tight Convex Relaxations

Published 11 Mar 2024 in cs.LG | (2403.07095v3)

Abstract: Training neural networks with high certified accuracy against adversarial examples remains an open challenge despite significant efforts. While certification methods can effectively leverage tight convex relaxations for bound computation, in training, these methods, perhaps surprisingly, can perform worse than looser relaxations. Prior work hypothesized that this phenomenon is caused by the discontinuity, non-smoothness, and perturbation sensitivity of the loss surface induced by tighter relaxations. In this work, we theoretically show that Gaussian Loss Smoothing (GLS) can alleviate these issues. We confirm this empirically by instantiating GLS with two variants: a zeroth-order optimization algorithm, called PGPE, which allows training with non-differentiable relaxations, and a first-order optimization algorithm, called RGS, which requires gradients of the relaxation but is much more efficient than PGPE. Extensive experiments show that when combined with tight relaxations, these methods surpass state-of-the-art methods when training on the same network architecture for many settings. Our results clearly demonstrate the promise of Gaussian Loss Smoothing for training certifiably robust neural networks and pave a path towards leveraging tighter relaxations for certified training.
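The following is an added illustration, not code from the paper or its authors. It shows why Gaussian smoothing helps on a discontinuous loss surface: on a constructed 1-D loss with a jump, the pointwise gradient never sees the drop, while the gradient of the Gaussian-smoothed loss, estimated from loss values only, does. The toy loss, `sigma`, step size and the generic antithetic-sampling estimator are assumptions made here and are not the paper's PGPE or RGS implementations.

```python
import math
import random

JUMP = 1.0  # constructed toy loss: discontinuous drop at theta = 1


def loss(theta):
    """Constructed 1-D loss: smooth bowl plus a unit step that vanishes for theta >= JUMP."""
    return 0.05 * theta * theta + (1.0 if theta < JUMP else 0.0)


def pointwise_grad(theta, h=1e-6):
    """Central finite difference: what a gradient-based method sees away from the jump."""
    return (loss(theta + h) - loss(theta - h)) / (2 * h)


def smoothed_grad_exact(theta, sigma):
    """Closed-form gradient of E[loss(theta + eps)], eps ~ N(0, sigma^2), for this toy loss."""
    z = (JUMP - theta) / sigma
    pdf = math.exp(-0.5 * z * z) / math.sqrt(2 * math.pi)
    return 0.1 * theta - pdf / sigma


def smoothed_grad_zeroth_order(theta, sigma, n, rng):
    """Antithetic-sampling estimate of the smoothed gradient using loss values only."""
    total = 0.0
    for _ in range(n):
        eps = rng.gauss(0.0, sigma)
        total += (loss(theta + eps) - loss(theta - eps)) * eps
    return total / (2 * sigma * sigma * n)


def descend(theta, grad_fn, lr=0.5, steps=100):
    """Plain gradient descent with whichever gradient oracle is supplied."""
    for _ in range(steps):
        theta -= lr * grad_fn(theta)
    return theta


def run_demo(seed=0, sigma=0.5):
    """Start both optimizers at theta = 0.5, on the high side of the jump."""
    rng = random.Random(seed)
    plain = descend(0.5, pointwise_grad)
    smooth = descend(0.5, lambda t: smoothed_grad_zeroth_order(t, sigma, 2000, rng))
    return plain, smooth


if __name__ == "__main__":
    plain, smooth = run_demo()
    print(f"pointwise gradient:      theta={plain:.3f} loss={loss(plain):.3f}")
    print(f"smoothed, zeroth-order:  theta={smooth:.3f} loss={loss(smooth):.3f}")
```

Descent on the pointwise gradient settles near `theta = 0` with the step penalty still in place; descent on the smoothed gradient crosses the jump and ends at a much lower loss.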
