Riemannian data-dependent randomized smoothing for neural networks certification
Langue
en
Communication dans un congrès
Ce document a été publié dans
New Frontiers in Adversarial Machine Learning in theThirty-ninth International Conference on Machine Learning (ICML), 2022-07-17, Baltimore (MA). 2022
Résumé en anglais
Certification of neural networks is an important and challenging problem that has been attracting the attention of the machine learning community since few years. In this paper, we focus on randomized smoothing (RS) which ...Lire la suite >
Certification of neural networks is an important and challenging problem that has been attracting the attention of the machine learning community since few years. In this paper, we focus on randomized smoothing (RS) which is considered as the state-of-the-art method to obtain certifiably robust neural networks. In particular, a new data-dependent RS technique called ANCER introduced recently can be used to certify ellipses with orthogonal axis near each input data of the neural network. In this work, we remark that ANCER is not invariant under rotation of input data and propose a new rotationally-invariant formulation of it which can certify ellipses without constraints on their axis. Our approach called Riemannian Data Dependant Randomized Smoothing (RDDRS) relies on information geometry techniques on the manifold of covariance matrices and can certify bigger regions than ANCER based on our experiments on the MNIST dataset.< Réduire
Origine
Importé de halUnités de recherche