Efficient Certification of Spatial Robustness

Ruoss, Anian; Baader, Maximilian; Balunović, Mislav; Vechev, Martin

doi:10.48550/arxiv.2009.09318

Cited by 2 publications

(3 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, several popular geometric transformations as well as other transformations, such as intensity contrast, were formulated as a piece-wise nonlinear layer (Mohapatra et al 2020), thus allowing for exact certification based on a tighter formulation of classical ℓ p certification solvers commonly used for additive perturbations. Moreover, recent work (Ruoss et al 2021) generated optimal intervals and certify them for general vector fields deformations. However, all previous methods either inherently suffer from scalability limitations, or that they cannot certify a composition of transformations jointly.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

DeformRS: Certifying Input Deformations with Randomized Smoothing

Alfarra

Bibi

Khan

et al. 2022

AAAI

View full text Add to dashboard Cite

Deep neural networks are vulnerable to input deformations in the form of vector fields of pixel displacements and to other parameterized geometric deformations e.g. translations, rotations, etc. Current input deformation certification methods either (i) do not scale to deep networks on large input datasets, or (ii) can only certify a specific class of deformations, e.g. only rotations. We reformulate certification in randomized smoothing setting for both general vector field and parameterized deformations and propose DeformRS-VF and DeformRS-Par, respectively. Our new formulation scales to large networks on large input datasets. For instance, DeformRS-Par certifies rich deformations, covering translations, rotations, scaling, affine deformations, and other visually aligned deformations such as ones parameterized by Discrete-Cosine-Transform basis. Extensive experiments on MNIST, CIFAR10, and ImageNet show competitive performance of DeformRS-Par achieving a certified accuracy of 39\% against perturbed rotations in the set [-10 degree, 10 degree] on ImageNet.

show abstract

Section: Related Workmentioning

confidence: 99%

“…2019; Mohapatra et al 2020). Only recently has a certification approach been developed for the richer class of smooth vector fields (general displacement of pixels) (Ruoss et al 2021). However, all previous approaches require solving a mixed-integer or linear program, thus limiting their applicability to small DNNs on small datasets.…”

Section: Introductionmentioning

confidence: 99%

DeformRS: Certifying Input Deformations with Randomized Smoothing

Alfarra

Bibi

Khan

et al. 2022

AAAI

View full text Add to dashboard Cite

show abstract

“…These approaches have largely showed robustness and verification to norm bounded adversarial perturbations without trying to verify with respect to more semantically aligned properties of the input. Some papers [72][73][74] consider semantic perturbations like rotation, translation, occlusion, brightness change etc. directly in the pixel space, so the range of semantic variations that can be considered are more limited.…”

Section: Related Workmentioning

confidence: 99%

Auditing AI models for Verified Deployment under Semantic Specifications

Bharadhwaj¹,

Huang²,

Xiao³

et al. 2021

Preprint

View full text Add to dashboard Cite

Auditing trained deep learning (DL) models prior to deployment is vital in preventing unintended consequences. One of the biggest challenges in auditing is in understanding how we can obtain human-interpretable specifications that are directly useful to the end-user. We address this challenge through a sequence of semantically-aligned unit tests, where each unit test verifies whether a predefined specification (e.g., accuracy over 95%) is satisfied with respect to controlled and semantically aligned variations in the input space (e.g., in face recognition, the angle relative to the camera). We perform these unit tests by directly verifying the semantically aligned variations in an interpretable latent space of a generative model. Our framework, AuditAI, bridges the gap between interpretable formal verification and scalability. With evaluations on four different datasets, covering images of towers, chest X-rays, human faces, and ImageNet classes, we show how AuditAI allows us to obtain controlled variations for verification and certified training while addressing the limitations of verifying using only pixel-space perturbations. A blog post accompanying the paper is at this link auditai.github.io

show abstract

Efficient Certification of Spatial Robustness

Cited by 2 publications

References 2 publications

DeformRS: Certifying Input Deformations with Randomized Smoothing

DeformRS: Certifying Input Deformations with Randomized Smoothing

Auditing AI models for Verified Deployment under Semantic Specifications

Contact Info

Product

Resources

About