CNN-Cert: An Efficient Framework for Certifying Robustness of Convolutional Neural Networks

Author(s)
Boopathy, AkhilanWeng, Tsui-WeiChen, Pin-YuLiu, SijiaDaniel, Luca
Thumbnail
DownloadSubmitted version (505.4Kb)
Open Access Policy
Terms of use
Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/
Metadata
Show full item record
Abstract
Verifying robustness of neural network classifiers has attracted great interests and attention due to the success of deep neural networks and their unexpected vulnerability to adversarial perturbations. Although finding minimum adversarial distortion of neural networks (with ReLU activations) has been shown to be an NP-complete problem, obtaining a non-trivial lower bound of minimum distortion as a provable robustness guarantee is possible. However, most previous works only focused on simple fully-connected layers (multilayer perceptrons) and were limited to ReLU activations. This motivates us to propose a general and efficient framework, CNN-Cert, that is capable of certifying robustness on general convolutional neural networks. Our framework is general - we can handle various architectures including convolutional layers, max-pooling layers, batch normalization layer, residual blocks, as well as general activation functions; our approach is efficient - by exploiting the special structure of convolutional layers, we achieve up to 17 and 11 times of speed-up compared to the state-of-the-art certification algorithms (e.g. Fast-Lin, CROWN) and 366 times of speed-up compared to the dual-LP approach while our algorithm obtains similar or even better verification bounds. In addition, CNN-Cert generalizes state-of-the-art algorithms e.g. Fast-Lin and CROWN. We demonstrate by extensive experiments that our method outperforms state-of-the-art lower-bound-based certification algorithms in terms of both bound quality and speed.
Date issued
2019-01
URI
https://hdl.handle.net/1721.1/129951
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer ScienceMIT-IBM Watson AI Lab
Journal
Proceedings of the AAAI Conference on Artificial Intelligence
Publisher
Association for the Advancement of Artificial Intelligence (AAAI)
Citation
Boopathy, Akhilan et al. “CNN-Cert: An Efficient Framework for Certifying Robustness of Convolutional Neural Networks.” Paper in the Proceedings of the AAAI Conference on Artificial Intelligence, 33, 1 Thirty-Third AAAI Conference on Artificial Intelligence (AAAI-19), Honolulu, Hawaii, January 27–February 1, 2019, AAAI: 33013240 © 2019 The Author(s)
Version: Original manuscript
ISSN
2159-5399
2374-3468
Collections