Recent work has exposed the vulnerability of computer vision models to vector field attacks. Due to the widespread usage of such models in safety-critical applications, it is crucial to quantify their robustness against such spatial transformations. However, existing work only provides empirical robustness quantification against vector field deformations via adversarial attacks, which lack provable guarantees. In this work, we propose novel convex relaxations, enabling us, for the first time, to provide a certificate of robustness against vector field transformations. Our relaxations are model-agnostic and can be leveraged by a wide range of neural network verifiers. Experiments on various network architectures and different datasets demonstrate the effectiveness and scalability of our method.