Provable robustness against all adversarial $l_p$-perturbations for $p\geq 1$

Authors: Francesco Croce, Matthias Hein
Published: 2019-05-27 | Updated: 2020-04-24

Source: https://arxiv.org/abs/1905.11213

PDF: https://arxiv.org/pdf/1905.11213

Labels Predicted by AI

評価手法 脆弱性管理 マルチクラス分類

Please note that these labels were automatically added by AI. Therefore, they may not be entirely accurate.
For more details, please see the About the Literature Database page.

Abstract

In recent years several adversarial attacks and defenses have been proposed. Often seemingly robust models turn out to be non-robust when more sophisticated attacks are used. One way out of this dilemma are provable robustness guarantees. While provably robust models for specific l_p-perturbation models have been developed, we show that they do not come with any guarantee against other l_q-perturbations. We propose a new regularization scheme, MMR-Universal, for ReLU networks which enforces robustness wrt l₁– and l_∞-perturbations and show how that leads to the first provably robust models wrt any l_p-norm for p ≥ 1.