Provable robustness against all adversarial $l_p$-perturbations for $p\geq 1$

TOP Literature Database Provable robustness against all adversarial $l_p$-perturbations for $p\geq 1$

arxiv

AI Security Portal bot

Information in the literature database is collected automatically.

Source

https://arxiv.org/abs/1905.11213

PDF

https://arxiv.org/pdf/1905.11213

Paper Information

Author: Francesco Croce,Matthias Hein
Published: 5-27-2019
Updated: 4-24-2020
Affiliation: University of Tübingen
Country: Germany
Conference: Computing Research Repository (CoRR)

Labels Estimated by AI

Evaluation Method Vulnerability Management Multi-Class Classification

These labels were automatically added by AI and may be inaccurate.
For details, see About Literature Database.

Abstract

In recent years several adversarial attacks and defenses have been proposed. Often seemingly robust models turn out to be non-robust when more sophisticated attacks are used. One way out of this dilemma are provable robustness guarantees. While provably robust models for specific $l_p$-perturbation models have been developed, we show that they do not come with any guarantee against other $l_q$-perturbations. We propose a new regularization scheme, MMR-Universal, for ReLU networks which enforces robustness wrt $l_1$- and $l_\infty$-perturbations and show how that leads to the first provably robust models wrt any $l_p$-norm for $p\geq 1$.

External Datasets

MNIST

F-MNIST

GTS

CIFAR-10