Recent works have developed several methods of defending neural networks against adversarial attacks with certified guarantees. However, these techniques can be computationally costly due to the use of certification during training. We develop a new regularizer that is both more efficient than existing certified defenses, requiring only one additional forward propagation through a network, and can be used to train networks with similar certified accuracy. Through experiments on MNIST and CIFAR-10 we demonstrate improvements in training speed and comparable certified accuracy compared to state-of-the-art certified defenses.