Abstract
Neural networks are known to be sensitive to adversarial perturbations. To investigate this undesired behavior we consider the problem of computing the distance to the decision boundary (DtDB) from a given sample for a deep neural net classifier. In this work we present a procedure where we solve a convex quadratic programming (QP) task to obtain a lower bound on the DtDB. This bound is used as a robustness certificate of the classifier around a given sample. We show that our approach provides better or competitive results in comparison with a wide range of existing techniques.
Originalsprache | Englisch |
---|---|
Seiten (von - bis) | 2407-2433 |
Seitenumfang | 27 |
Fachzeitschrift | Machine Learning |
Jahrgang | 111 |
Ausgabenummer | 7 |
DOIs | |
Publikationsstatus | Veröffentlicht - Juli 2022 |