Timezone: »
The use of neural networks in safety-critical computer vision systems calls for their robustness certification against natural geometric transformations (e.g., rotation, scaling). However, current certification methods target mostly norm-based pixel perturbations and cannot certify robustness against geometric transformations. In this work, we propose a new method to compute sound and asymptotically optimal linear relaxations for any composition of transformations. Our method is based on a novel combination of sampling and optimization. We implemented the method in a system called DeepG and demonstrated that it certifies significantly more complex geometric transformations than existing methods on both defended and undefended networks while scaling to large architectures.
Author Information
Mislav Balunovic (ETH Zurich)
Maximilian Baader (ETH Zürich)
Gagandeep Singh (ETH Zurich)
Timon Gehr (ETH Zurich)
Martin Vechev (ETH Zurich, Switzerland)
More from the Same Authors
-
2021 : Bayesian Framework for Gradient Leakage »
Mislav Balunovic · Dimitar Dimitrov · Martin Vechev -
2022 : Efficient Robustness Verification of Neural Ordinary Differential Equations »
Mustafa Zeqiri · Mark Müller · Marc Fischer · Martin Vechev -
2022 : Generating Intuitive Fairness Specifications for Natural Language Processing »
Florian E. Dorner · Momchil Peychev · Nikola Konstantinov · Naman Goel · Elliott Ash · Martin Vechev -
2022 : Just Avoid Robust Inaccuracy: Boosting Robustness Without Sacrificing Accuracy »
Yannick Merkli · Pavol Bielik · Petar Tsankov · Martin Vechev -
2022 : Certified Training: Small Boxes are All You Need »
Mark Müller · Franziska Eckert · Marc Fischer · Martin Vechev -
2022 : FARE: Provably Fair Representation Learning »
Nikola Jovanović · Mislav Balunovic · Dimitar Dimitrov · Martin Vechev -
2022 Poster: Learning to Configure Computer Networks with Neural Algorithmic Reasoning »
Luca Beurer-Kellner · Martin Vechev · Laurent Vanbever · Petar Veličković -
2022 Poster: (De-)Randomized Smoothing for Decision Stump Ensembles »
Miklós Horváth · Mark Müller · Marc Fischer · Martin Vechev -
2022 Poster: LAMP: Extracting Text from Gradients with Language Model Priors »
Mislav Balunovic · Dimitar Dimitrov · Nikola Jovanović · Martin Vechev -
2021 Poster: Automated Discovery of Adaptive Attacks on Adversarial Defenses »
Chengyuan Yao · Pavol Bielik · Petar Tsankov · Martin Vechev -
2020 Poster: Learning Certified Individually Fair Representations »
Anian Ruoss · Mislav Balunovic · Marc Fischer · Martin Vechev -
2020 Poster: Certified Defense to Image Transformations via Randomized Smoothing »
Marc Fischer · Maximilian Baader · Martin Vechev -
2019 Poster: Beyond the Single Neuron Convex Barrier for Neural Network Certification »
Gagandeep Singh · Rupanshu Ganvir · Markus Püschel · Martin Vechev -
2018 Poster: Learning to Solve SMT Formulas »
Mislav Balunovic · Pavol Bielik · Martin Vechev -
2018 Oral: Learning to Solve SMT Formulas »
Mislav Balunovic · Pavol Bielik · Martin Vechev -
2018 Poster: Fast and Effective Robustness Certification »
Gagandeep Singh · Timon Gehr · Matthew Mirman · Markus Püschel · Martin Vechev