Understanding ReLU Network Robustness Through Test Set Certification Performance

Nicola Franco, Jeanette Miriam Lorenz, Karsten Roscher, Stephan Günnemann

Publikation: Beitrag in Buch/Bericht/KonferenzbandKonferenzbeitragBegutachtung

Abstract

Neural networks can be vulnerable to small changes in input within their learning distribution, and this vulnerability increases for distributional shifts or input completely outside their training distribution. To ensure networks are used safely, robustness certificates offer formal assurances about the stability of their predictions in a pre-defined range around the input. However, the relationship between correctness and certified robustness remains unclear. In this work, we investigate the unexpected outcomes of verification methods applied to piecewise linear classifiers for clean, perturbed, in- and out-of-distribution samples. In our experiments focused on image classification, we observed that introducing a modest stability margin around the input sample leads to an important reduction in misclassified samples - approximately a 75% decrease - compared to the roughly 11% for samples that are correctly classified. This finding emphasizes the value of formal verification methods as an extra layer of safety, illustrating their effectiveness in enhancing accuracy for data that falls within the distribution. On the other hand, we provide a theoretical demonstration that formal verification methods robustly certify samples sufficiently far from the training distribution. These results are integrated with an experimental analysis and demonstrate their limitations compared to standard out-of-distribution detection methods.

OriginalspracheEnglisch
TitelProceedings - 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2024
Herausgeber (Verlag)IEEE Computer Society
Seiten3451-3460
Seitenumfang10
ISBN (elektronisch)9798350365474
DOIs
PublikationsstatusVeröffentlicht - 2024
Veranstaltung2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2024 - Seattle, USA/Vereinigte Staaten
Dauer: 16 Juni 202422 Juni 2024

Publikationsreihe

NameIEEE Computer Society Conference on Computer Vision and Pattern Recognition Workshops
ISSN (Print)2160-7508
ISSN (elektronisch)2160-7516

Konferenz

Konferenz2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, CVPRW 2024
Land/GebietUSA/Vereinigte Staaten
OrtSeattle
Zeitraum16/06/2422/06/24

Fingerprint

Untersuchen Sie die Forschungsthemen von „Understanding ReLU Network Robustness Through Test Set Certification Performance“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren