Timezone: »
Poster
Certified Defense to Image Transformations via Randomized Smoothing
Marc Fischer · Maximilian Baader · Martin Vechev
We extend randomized smoothing to cover parameterized transformations (e.g., rotations, translations) and certify robustness in the parameter space (e.g., rotation angle). This is particularly challenging as interpolation and rounding effects mean that image transformations do not compose, in turn preventing direct certification of the perturbed image (unlike certification with $\ell^p$ norms). We address this challenge by introducing three different defenses, each with a different guarantee (heuristic, distributional and individual) stemming from the method used to bound the interpolation error. Importantly, in the individual case, we show how to efficiently compute the inverse of an image transformation, enabling us to provide individual guarantees in the online setting. We provide an implementation of all methods at https://github.com/eth-sri/transformation-smoothing.
Author Information
Marc Fischer (ETH Zurich)
Maximilian Baader (ETH Zürich)
Martin Vechev (ETH Zurich, Switzerland)
More from the Same Authors
-
2021 : Bayesian Framework for Gradient Leakage »
Mislav Balunovic · Dimitar Dimitrov · Martin Vechev -
2022 : Efficient Robustness Verification of Neural Ordinary Differential Equations »
Mustafa Zeqiri · Mark Müller · Marc Fischer · Martin Vechev -
2022 : Generating Intuitive Fairness Specifications for Natural Language Processing »
Florian E. Dorner · Momchil Peychev · Nikola Konstantinov · Naman Goel · Elliott Ash · Martin Vechev -
2022 : Just Avoid Robust Inaccuracy: Boosting Robustness Without Sacrificing Accuracy »
Yannick Merkli · Pavol Bielik · Petar Tsankov · Martin Vechev -
2022 : Certified Training: Small Boxes are All You Need »
Mark Müller · Franziska Eckert · Marc Fischer · Martin Vechev -
2022 : FARE: Provably Fair Representation Learning »
Nikola Jovanović · Mislav Balunovic · Dimitar Dimitrov · Martin Vechev -
2022 Poster: Learning to Configure Computer Networks with Neural Algorithmic Reasoning »
Luca Beurer-Kellner · Martin Vechev · Laurent Vanbever · Petar Veličković -
2022 Poster: (De-)Randomized Smoothing for Decision Stump Ensembles »
Miklós Horváth · Mark Müller · Marc Fischer · Martin Vechev -
2022 Poster: LAMP: Extracting Text from Gradients with Language Model Priors »
Mislav Balunovic · Dimitar Dimitrov · Nikola Jovanović · Martin Vechev -
2021 Poster: Automated Discovery of Adaptive Attacks on Adversarial Defenses »
Chengyuan Yao · Pavol Bielik · Petar Tsankov · Martin Vechev -
2020 Poster: Learning Certified Individually Fair Representations »
Anian Ruoss · Mislav Balunovic · Marc Fischer · Martin Vechev -
2019 Poster: Beyond the Single Neuron Convex Barrier for Neural Network Certification »
Gagandeep Singh · Rupanshu Ganvir · Markus Püschel · Martin Vechev -
2019 Poster: Certifying Geometric Robustness of Neural Networks »
Mislav Balunovic · Maximilian Baader · Gagandeep Singh · Timon Gehr · Martin Vechev -
2018 Poster: Learning to Solve SMT Formulas »
Mislav Balunovic · Pavol Bielik · Martin Vechev -
2018 Oral: Learning to Solve SMT Formulas »
Mislav Balunovic · Pavol Bielik · Martin Vechev -
2018 Poster: Fast and Effective Robustness Certification »
Gagandeep Singh · Timon Gehr · Matthew Mirman · Markus Püschel · Martin Vechev