Certification of neural networks is an important and challenging problem that has been attracting the attention of the machine learning community since few years. In this paper, we focus on randomized smoothing (RS) which is considered as the state-of-the-art method to obtain certifiably robust neural networks. In particular, a new data-dependent RS technique called ANCER introduced recently can be used to certify ellipses with orthogonal axis near each input data of the neural network. In this work, we remark that ANCER is not invariant under rotation of input data and propose a new rotationally-invariant formulation of it which can certify ellipses without constraints on their axis. Our approach called Riemannian Data Dependant Randomized Smoothing (RDDRS) relies on information geometry techniques on the manifold of covariance matrices and can certify bigger regions than ANCER based on our experiments on the MNIST dataset.
翻译:神经网络的认证是一个重要和具有挑战性的问题,自几年以来一直引起机器学习界的注意。在本文中,我们侧重于随机化的平滑(RS),这被认为是获得可证实的强大神经网络的最先进方法。特别是,最近推出的一种新的依赖数据的RS技术,称为ANCER, 可用于认证神经网络每个输入数据附近带有正方轴的椭圆流。在这项工作中,我们指出,ANCER在输入数据的轮换下并不是无变无常的,我们建议了一种新的旋转性内变式配方,这种配方可以无限制地验证椭圆。我们称之为Riemannian数据脱钩随机化滑动(RDDAS)的方法依靠的是多种共变矩阵的信息几何技术,并根据我们在MNIST数据集上的实验,可以证明比ANCER更大的区域。
相关内容
微信扫码咨询专知VIP会员