Abstract
Neural networks are known to be sensitive to adversarial perturbations. To investigate this undesired behavior we consider the problem of computing the distance to the decision boundary (DtDB) from a given sample for a deep neural net classifier. In this work we present a procedure where we solve a convex quadratic programming (QP) task to obtain a lower bound on the DtDB. This bound is used as a robustness certificate of the classifier around a given sample. We show that our approach provides better or competitive results in comparison with a wide range of existing techniques.
Original language | English |
---|---|
Pages (from-to) | 2407-2433 |
Number of pages | 27 |
Journal | Machine Learning |
Volume | 111 |
Issue number | 7 |
State | Published - Jul 2022 |
Keywords
- Machine learning
- Minimal adversarial perturbation
- Neural networks
- Quadratic programming
- Robustness verification