
Towards Certification of Uncertainty Calibration under Adversarial Attacks (2405.13922v1)

Published 22 May 2024 in cs.LG and stat.ML

Abstract: Since neural classifiers are known to be sensitive to adversarial perturbations that alter their accuracy, certification methods have been developed to provide provable guarantees on the insensitivity of their predictions to such perturbations. Furthermore, in safety-critical applications, the frequentist interpretation of the confidence of a classifier (also known as model calibration) can be of utmost importance. This property can be measured via the Brier score or the expected calibration error. We show that attacks can significantly harm calibration, and thus propose certified calibration as worst-case bounds on calibration under adversarial perturbations. Specifically, we produce analytic bounds for the Brier score and approximate bounds via the solution of a mixed-integer program on the expected calibration error. Finally, we propose novel calibration attacks and demonstrate how they can improve model calibration through adversarial calibration training.
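The abstract names two calibration measures, the Brier score and the expected calibration error (ECE), without showing how they are computed. The following is an added example, not code from the paper, that computes both on a small constructed set of predicted probability vectors and labels (the numbers are made up for illustration), together with the per-bin reliability table that ECE is built from. The binning scheme (equal-width bins over top-label confidence, right-closed intervals) is the common choice and is an assumption here, since the abstract does not specify one; these are the quantities a defender would monitor to detect confidence drift, whether adversarial or not.

```python
import numpy as np

# Constructed sample: 8 predictions over 3 classes and their true labels.
# These are made-up numbers for illustration, not data from the paper.
PROBS = np.array([
    [0.90, 0.05, 0.05],
    [0.80, 0.10, 0.10],
    [0.10, 0.85, 0.05],
    [0.20, 0.70, 0.10],
    [0.05, 0.15, 0.80],
    [0.60, 0.30, 0.10],
    [0.40, 0.50, 0.10],
    [0.30, 0.30, 0.40],
])
LABELS = np.array([0, 0, 1, 2, 2, 1, 1, 0])


def accuracy(probs, labels):
    """Fraction of samples whose top-scoring class is the true label."""
    return float(np.mean(probs.argmax(axis=1) == labels))


def brier_score(probs, labels):
    """Multiclass Brier score: mean squared distance between the predicted
    probability vector and the one-hot encoding of the true label."""
    onehot = np.eye(probs.shape[1])[labels]
    return float(np.mean(np.sum((probs - onehot) ** 2, axis=1)))


def reliability_table(probs, labels, n_bins=5):
    """Per-bin statistics behind a reliability diagram.

    Samples are binned by top-label confidence into equal-width bins
    (lo, hi]; the first bin also includes conf == 0. Returns a list of
    (lo, hi, count, mean_accuracy, mean_confidence) for non-empty bins.
    """
    conf = probs.max(axis=1)
    correct = (probs.argmax(axis=1) == labels).astype(float)
    # Dividing integers gives edges such as 3/5 == 0.6 exactly as the
    # literal 0.6, so a confidence of 0.60 lands in (0.4, 0.6] as intended.
    edges = np.arange(n_bins + 1) / n_bins
    rows = []
    for lo, hi in zip(edges[:-1], edges[1:]):
        mask = (conf > lo) & (conf <= hi)
        if lo == 0:
            mask |= conf == 0
        if mask.any():
            rows.append((float(lo), float(hi), int(mask.sum()),
                         float(correct[mask].mean()), float(conf[mask].mean())))
    return rows


def expected_calibration_error(probs, labels, n_bins=5):
    """Top-label ECE: count-weighted mean of |accuracy - confidence| over bins."""
    n = len(labels)
    return float(sum(count / n * abs(acc - mean_conf)
                     for _, _, count, acc, mean_conf
                     in reliability_table(probs, labels, n_bins)))


if __name__ == "__main__":
    print(f"accuracy = {accuracy(PROBS, LABELS):.4f}")
    print(f"Brier    = {brier_score(PROBS, LABELS):.4f}")
    print(f"ECE      = {expected_calibration_error(PROBS, LABELS):.4f}")
    for lo, hi, count, acc, conf in reliability_table(PROBS, LABELS):
        print(f"({lo:.1f}, {hi:.1f}]  n={count}  acc={acc:.3f}  conf={conf:.3f}")
```

On this sample the classifier is 62.5% accurate, and the reliability table shows where confidence and accuracy diverge: the (0.2, 0.4] bin holds one wrong but low-confidence prediction, while the (0.8, 1.0] bin is underconfident (both predictions correct, mean confidence 0.875). The Brier score penalises every sample by how far its full probability vector is from the truth, whereas ECE only looks at the top-label confidence and depends on the bin count, which is one reason the abstract treats the two measures separately.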

