Great advances in deep neural networks (DNNs) have led to state-of-the-art performance on a wide range of tasks. However, recent studies have shown that DNNs are vulnerable to adversarial attacks, which raises serious concerns when these models are deployed in safety-critical applications such as autonomous driving. Different defense approaches have been proposed against adversarial attacks, including: a) empirical defenses, which can usually be adaptively attacked again and provide no robustness certification; and b) certifiably robust approaches, which consist of robustness verification (providing a lower bound on robust accuracy against any attack under certain conditions) and the corresponding robust training approaches. In this paper, we systematize the certifiably robust approaches and their related practical and theoretical implications and findings. We also provide the first comprehensive benchmark of existing robustness verification and training approaches on different datasets. In particular, we 1) provide a taxonomy of the robustness verification and training approaches and summarize the methodologies of representative algorithms, 2) reveal the characteristics, strengths, limitations, and fundamental connections among these approaches, 3) discuss current research progress, theoretical barriers, main challenges, and future directions for certifiably robust approaches for DNNs, and 4) provide an open-source unified platform to evaluate over 20 representative certifiably robust approaches for a wide range of DNNs.
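To make concrete what "robustness verification providing a lower bound" means, the following added example (written for this page; it is not code from the paper or from its evaluation platform) runs interval bound propagation (IBP), one of the simplest verification methods, over a constructed two-layer ReLU network. The weights, the input point and the step size of the radius search are all constructed for illustration. IBP propagates a box around the input through each layer and lower-bounds the margin between the true-class logit and every other logit; a positive lower bound certifies that no perturbation inside the box can change the prediction, whereas evaluating the network at a few points of the box only gives an upper bound on the worst case.

```python
"""Interval bound propagation (IBP) as a toy example of robustness verification."""
from typing import List, Tuple

Matrix = List[List[float]]
Vector = List[float]

# Constructed toy network: 2 inputs -> 3 hidden ReLU units -> 2 logits (class 0 / class 1).
W1: Matrix = [[1.0, -1.0], [0.5, 2.0], [-1.5, 1.0]]
B1: Vector = [0.1, -0.2, 0.0]
W2: Matrix = [[1.0, 2.0, -1.0], [-1.0, 0.5, 1.5]]
B2: Vector = [0.0, 0.0]


def affine(W: Matrix, b: Vector, x: Vector) -> Vector:
    """Exact affine layer W x + b on a single point."""
    return [sum(w * xi for w, xi in zip(row, x)) + bi for row, bi in zip(W, b)]


def relu(v: Vector) -> Vector:
    return [max(0.0, t) for t in v]


def affine_bounds(W: Matrix, b: Vector, lo: Vector, hi: Vector) -> Tuple[Vector, Vector]:
    """Sound interval bounds of W x + b for all x with lo <= x <= hi (element-wise).

    A negative weight swaps the roles of the lower and upper input bounds."""
    new_lo, new_hi = [], []
    for row, bi in zip(W, b):
        l, u = bi, bi
        for w, li, ui in zip(row, lo, hi):
            if w >= 0:
                l += w * li
                u += w * ui
            else:
                l += w * ui
                u += w * li
        new_lo.append(l)
        new_hi.append(u)
    return new_lo, new_hi


def forward(x: Vector) -> Vector:
    """Logits of the toy network at a single input point."""
    return affine(W2, B2, relu(affine(W1, B1, x)))


def margin(x: Vector, label: int) -> float:
    """Worst-case margin at one point: logit[label] minus the largest other logit."""
    z = forward(x)
    return z[label] - max(v for j, v in enumerate(z) if j != label)


def ibp_margin_lower_bounds(x: Vector, eps: float, label: int) -> Vector:
    """IBP lower bound of logit[label] - logit[j] for every j != label over the L-inf ball.

    The logit difference is folded into a single affine layer (W2[label] - W2[j]) before
    bounding; this is tighter than bounding the two logits separately and subtracting."""
    lo = [xi - eps for xi in x]
    hi = [xi + eps for xi in x]
    lo, hi = affine_bounds(W1, B1, lo, hi)
    lo, hi = relu(lo), relu(hi)          # ReLU is monotone, so it maps box to box
    rows, bs = [], []
    for j in range(len(W2)):
        if j == label:
            continue
        rows.append([a - c for a, c in zip(W2[label], W2[j])])
        bs.append(B2[label] - B2[j])
    m_lo, _ = affine_bounds(rows, bs, lo, hi)
    return m_lo


def is_certified(x: Vector, eps: float, label: int) -> bool:
    """True if IBP proves the prediction cannot change anywhere in the eps-box around x."""
    return all(m > 0 for m in ibp_margin_lower_bounds(x, eps, label))


def certified_radius(x: Vector, label: int, step: float = 0.01, max_eps: float = 2.0) -> float:
    """Largest eps on a grid at which IBP still certifies x (the bound is monotone in eps)."""
    eps = 0.0
    while eps + step <= max_eps and is_certified(x, eps + step, label):
        eps += step
    return round(eps, 4)


def corner_min_margin(x: Vector, eps: float, label: int) -> float:
    """Smallest margin over the 2^d corners of the box: an empirical (upper-bound) estimate."""
    corners = [[x[0] - eps, x[1] - eps], [x[0] - eps, x[1] + eps],
               [x[0] + eps, x[1] - eps], [x[0] + eps, x[1] + eps]]
    return min(margin(c, label) for c in corners)


if __name__ == "__main__":
    x0, y0 = [1.0, 0.5], 0                 # constructed input and its label
    print("clean margin      :", margin(x0, y0))
    print("IBP lower bound   :", ibp_margin_lower_bounds(x0, 0.1, y0)[0])
    print("corner min margin :", corner_min_margin(x0, 0.1, y0))
    print("certified radius  :", certified_radius(x0, y0))
```

On this network the clean margin at `[1.0, 0.5]` is 3.15; for a perturbation budget of 0.1 IBP guarantees a margin of at least 2.375, while the box corners only show that the margin drops to about 2.775, so the verified bound is sound (never above the true worst case) but not tight. The search reports a certified radius of 0.44; beyond that IBP cannot certify, which does not mean an adversarial example exists, only that this loose method cannot rule one out. Sharper verifiers surveyed in the paper narrow exactly that gap.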