Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
149 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

COLEP: Certifiably Robust Learning-Reasoning Conformal Prediction via Probabilistic Circuits (2403.11348v1)

Published 17 Mar 2024 in cs.LG, cs.AI, and stat.ML

Abstract: Conformal prediction has shown spurring performance in constructing statistically rigorous prediction sets for arbitrary black-box machine learning models, assuming the data is exchangeable. However, even small adversarial perturbations during the inference can violate the exchangeability assumption, challenge the coverage guarantees, and result in a subsequent decline in empirical coverage. In this work, we propose a certifiably robust learning-reasoning conformal prediction framework (COLEP) via probabilistic circuits, which comprise a data-driven learning component that trains statistical models to learn different semantic concepts, and a reasoning component that encodes knowledge and characterizes the relationships among the trained models for logic reasoning. To achieve exact and efficient reasoning, we employ probabilistic circuits (PCs) within the reasoning component. Theoretically, we provide end-to-end certification of prediction coverage for COLEP in the presence of bounded adversarial perturbations. We also provide certified coverage considering the finite size of the calibration set. Furthermore, we prove that COLEP achieves higher prediction coverage and accuracy over a single model as long as the utilities of knowledge models are non-trivial. Empirically, we show the validity and tightness of our certified coverage, demonstrating the robust conformal prediction of COLEP on various datasets, including GTSRB, CIFAR10, and AwA2. We show that COLEP achieves up to 12% improvement in certified coverage on GTSRB, 9% on CIFAR-10, and 14% on AwA2.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (80)
  1. Handbook of mathematical functions with formulas, graphs, and mathematical tables, volume 55. US Government printing office, 1948.
  2. Semantic probabilistic layers for neuro-symbolic learning. Advances in Neural Information Processing Systems, 35:29944–29959, 2022.
  3. Anonymous. Provably robust conformal prediction with improved efficiency. In Submitted to The Twelfth International Conference on Learning Representations, 2023. URL https://openreview.net/forum?id=BWAhEjXjeG. under review.
  4. Certifying geometric robustness of neural networks. In Advances in Neural Information Processing Systems, pp. 15287–15297, 2019.
  5. Conformal prediction beyond exchangeability. arXiv preprint arXiv:2202.13415, 2022.
  6. Frank Markham Brown. Boolean reasoning: the logic of Boolean equations. Courier Corporation, 2003.
  7. Daniel D Caminhas. Detecting and correcting typing errors in open-domain knowledge graphs using semantic representation of entities. 2019.
  8. Invisible for both camera and lidar: Security of multi-sensor fusion based perception in autonomous driving under physical-world attacks. In 2021 IEEE Symposium on Security and Privacy (SP), pp. 176–194. IEEE, 2021.
  9. Correcting knowledge base assertions. In Proceedings of the Web Conference 2020, pp.  1537–1547, 2020a.
  10. Differentially private data generative models. arXiv preprint arXiv:1812.02274, 2018.
  11. A review: Knowledge reasoning over knowledge graph. Expert Systems with Applications, 141:112948, 2020b.
  12. On relaxing determinism in arithmetic circuits. In International Conference on Machine Learning, pp. 825–833. PMLR, 2017.
  13. Certified adversarial robustness via randomized smoothing. In international conference on machine learning, pp. 1310–1320. PMLR, 2019.
  14. Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks. In International conference on machine learning, pp. 2206–2216. PMLR, 2020.
  15. Adnan Darwiche. Compiling knowledge into decomposable negation normal form. In IJCAI, volume 99, pp.  284–289. Citeseer, 1999.
  16. Adnan Darwiche. Decomposable negation normal form. Journal of the ACM (JACM), 48(4):608–647, 2001.
  17. Adnan Darwiche. A logical approach to factoring belief networks. KR, 2:409–420, 2002.
  18. Adnan Darwiche. A differential approach to inference in bayesian networks. Journal of the ACM (JACM), 50(3):280–305, 2003.
  19. Robust physical-world attacks on deep learning visual classification. In Proceedings of the IEEE conference on computer vision and pattern recognition, pp.  1625–1634, 2018.
  20. Neural-symbolic learning and reasoning: A survey and interpretation. Neuro-Symbolic Artificial Intelligence: The State of the Art, 342(1):327, 2022.
  21. Adversarially robust conformal prediction. In International Conference on Learning Representations, 2022. URL https://openreview.net/forum?id=9L1BsI4wP1H.
  22. Probabilistically robust conformal prediction. In Uncertainty in Artificial Intelligence, pp.  681–690. PMLR, 2023.
  23. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572, 2014.
  24. On the effectiveness of interval bound propagation for training verifiably robust models. arXiv preprint arXiv:1810.12715, 2018.
  25. Knowledge-enhanced machine learning pipeline against diverse adversarial attacks. In International Conference on Machine Learning, 2021.
  26. Deep residual learning for image recognition. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR), June 2016.
  27. P Hitzler and MK Sarker. Tractable boolean and arithmetic circuits. Neuro-Symbolic Artificial Intelligence: The State of the Art, 342:146, 2022.
  28. Sensitivity analysis of individual treatment effects: A robust conformal inference approach. Proceedings of the National Academy of Sciences, 120(6):e2214889120, 2023.
  29. Certifying some distributional fairness with subpopulation decomposition. Advances in Neural Information Processing Systems, 35:31045–31058, 2022.
  30. Label-assemble: Leveraging multiple datasets with partial labels. In 2023 IEEE 20th International Symposium on Biomedical Imaging (ISBI), pp.  1–5. IEEE, 2023a.
  31. Fashapley: Fast and approximated shapley based model pruning towards certifiably robust dnns. In 2023 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), pp.  575–592. IEEE, 2023b.
  32. Certifiably byzantine-robust federated conformal prediction. 2023c.
  33. C-rag: Certified generation risks for retrieval-augmented language models. arXiv preprint arXiv:2402.03181, 2024a.
  34. Diffattack: Evasion attacks against diffusion-based adversarial purification. Advances in Neural Information Processing Systems, 36, 2024b.
  35. Probabilistic sentential decision diagrams. In Proceedings of the 14th international conference on principles of knowledge representation and reasoning (KR), pp.  1–10, 2014.
  36. Policy smoothing for provably robust reinforcement learning. In International Conference on Learning Representations, 2022.
  37. Certified robustness to adversarial examples with differential privacy. In 2019 IEEE Symposium on Security and Privacy (SP), pp. 656–672. IEEE, 2019.
  38. Distribution-free prediction sets. Journal of the American Statistical Association, 108(501):278–287, 2013.
  39. Distribution-free predictive inference for regression. Journal of the American Statistical Association, 113(523):1094–1111, 2018.
  40. Large-scale identification of malicious singleton files. In Proceedings of the seventh ACM on conference on data and application security and privacy, pp.  227–238, 2017.
  41. Robustra: Training provable robust neural networks over reference adversarial space. In IJCAI, pp.  4711–4717, 2019.
  42. TSS: Transformation-specific smoothing for robustness certification. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp.  535–557, 2021. ISBN 9781450384544.
  43. Double sampling randomized smoothing. In International Conference on Machine Learning, 2022a.
  44. Sok: Certified robustness for deep neural networks. In 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, 22-26 May 2023. IEEE, 2023.
  45. Competition-level code generation with alphacode. Science, 378(6624):1092–1097, 2022b.
  46. Towards deep learning models resistant to adversarial attacks. In International Conference on Learning Representations, 2018. URL https://openreview.net/forum?id=rJzIBfZAb.
  47. Deepproblog: Neural probabilistic logic programming. Advances in neural information processing systems, 31, 2018.
  48. Pascal Massart. The tight constant in the dvoretzky-kiefer-wolfowitz inequality. The annals of Probability, pp.  1269–1283, 1990.
  49. An approach to correction of erroneous links in knowledge graphs. In CEUR Workshop Proceedings, volume 2065, pp.  54–57. RWTH Aachen, 2017.
  50. Characterizing attacks on deep reinforcement learning. AISTATS, 2019.
  51. Fairness in federated learning via core-stability. Advances in neural information processing systems, 35:5738–5750, 2022.
  52. Markov logic networks. Machine learning, 62:107–136, 2006.
  53. Classification with valid and adaptive coverage. In H. Larochelle, M. Ranzato, R. Hadsell, M.F. Balcan, and H. Lin (eds.), Advances in Neural Information Processing Systems, volume 33, pp.  3581–3591. Curran Associates, Inc., 2020. URL https://proceedings.neurips.cc/paper/2020/file/244edd7e85dc81602b7615cd705545f5-Paper.pdf.
  54. Learning sum-product networks with direct and indirect variable interactions. In Eric P. Xing and Tony Jebara (eds.), Proceedings of the 31st International Conference on Machine Learning, volume 32 of Proceedings of Machine Learning Research, pp.  710–718, Bejing, China, 22–24 Jun 2014. PMLR. URL https://proceedings.mlr.press/v32/rooshenas14.html.
  55. Provably robust deep learning via adversarially trained smoothed classifiers. In Advances in Neural Information Processing Systems, pp. 11289–11300, 2019.
  56. A tutorial on conformal prediction. Journal of Machine Learning Research, 9(3), 2008.
  57. Improved deterministic l2 robustness on CIFAR-10 and CIFAR-100. In International Conference on Learning Representations, 2022.
  58. Multi split conformal prediction. Statistics & Probability Letters, 184:109395, 2022.
  59. Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition. Neural networks, 32:323–332, 2012.
  60. Intriguing properties of neural networks. In Yoshua Bengio and Yann LeCun (eds.), 2nd International Conference on Learning Representations, ICLR 2014, Banff, AB, Canada, April 14-16, 2014, Conference Track Proceedings, 2014.
  61. Lipschitz-margin training: scalable certification of perturbation invariance for deep neural networks. In Advances in Neural Information Processing Systems, 2018.
  62. Attention is all you need. Advances in neural information processing systems, 30, 2017.
  63. Algorithmic learning in a random world, volume 29. Springer, 2005.
  64. Machine-learning applications of algorithmic randomness. 1999.
  65. Decodingtrust: A comprehensive assessment of trustworthiness in gpt models. arXiv preprint arXiv:2306.11698, 2023.
  66. Provable defenses against adversarial examples via the convex outer adversarial polytope. In International Conference on Machine Learning, pp. 5286–5295, 2018.
  67. CROP: Certifying robust policies for reinforcement learning through functional smoothing. In International Conference on Learning Representations, 2022a.
  68. Copa: Certifying robust policies for offline reinforcement learning against poisoning attacks. In International Conference on Learning Representations, 2022b.
  69. Zero-shot learning—a comprehensive evaluation of the good, the bad and the ugly. IEEE transactions on pattern analysis and machine intelligence, 41(9):2251–2265, 2018.
  70. Spatially transformed adversarial examples. In 6th International Conference on Learning Representations, ICLR 2018, 2018.
  71. Crfl: Certifiably robust federated learning against backdoor attacks. In International Conference on Machine Learning, pp. 11372–11382. PMLR, 2021.
  72. Uncovering the connection between differential privacy and certified robustness of federated learning against poisoning attacks. arXiv preprint arXiv:2209.04030, 2022.
  73. Safebench: A benchmarking platform for safety evaluation of autonomous vehicles. Advances in Neural Information Processing Systems, 35:25667–25682, 2022a.
  74. A semantic loss function for deep learning with symbolic knowledge. In International conference on machine learning, pp. 5502–5511. PMLR, 2018.
  75. Lot: Layer-wise orthogonal training on improving l2 certified robustness. In Advances in Neural Information Processing Systems, 2022b.
  76. Finite-sample efficient conformal prediction. arXiv preprint arXiv:2104.13871, 2021.
  77. Improving certified robustness via statistical learning with logical reasoning. In Advances in Neural Information Processing Systems 35 (NeurIPS 2022), 2022.
  78. Neural-symbolic vqa: Disentangling reasoning from vision and language understanding. Advances in neural information processing systems, 31, 2018.
  79. Efficient neural network robustness certification with general activation functions. In Advances in neural information processing systems, pp. 4939–4948, 2018.
  80. CARE: Certifiably robust learning with reasoning via variational inference. In First IEEE Conference on Secure and Trustworthy Machine Learning, 2023. URL https://openreview.net/forum?id=1n6oWTTV1n.
Citations (5)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets