Search Results for author:
Found 15 papers, 7 papers with code
Is Certifying $\ell_p$ Robustness Still Worthwhile?
There are three layers to this inquiry, which we address in this paper: (1) why do we care about robustness research?
A Recipe for Improved Certifiable Robustness: Capacity and Data
A key challenge, supported both theoretically and empirically, is that robustness demands greater network capacity and more data than standard training.
Unlocking Deterministic Robustness Certification on ImageNet
We show that fast ways of bounding the Lipschitz constant for conventional ResNets are loose, and show how to address this by designing a new residual block, leading to the \emph{Linear ResNet} (LiResNet) architecture.
Limitations of Piecewise Linearity for Efficient Robustness Certification
Certified defenses against small-norm adversarial examples have received growing attention in recent years; though certified accuracies of state-of-the-art methods remain far below their non-robust counterparts, despite the fact that benchmark datasets have been shown to be well-separated at far larger radii than the literature generally attempts to certify.
On the Perils of Cascading Robust Classifiers
We present \emph{cascade attack} (CasA), an adversarial attack against cascading ensembles, and show that: (1) there exists an adversarial input for up to 88\% of the samples where the ensemble claims to be certifiably robust and accurate; and (2) the accuracy of a cascading ensemble under our attack is as low as 11\% when it claims to be certifiably robust and accurate on 97\% of the test set.
Selective Ensembles for Consistent Predictions
Recent work has shown that models trained to the same objective, and which achieve similar measures of accuracy on consistent test data, may nonetheless behave very differently on individual predictions.
Degradation Attacks on Certifiably Robust Neural Networks
Certifiably robust neural networks employ provable run-time defenses against adversarial examples by checking if the model is locally robust at the input under evaluation.
Self-Correcting Neural Networks For Safe Classification
These constraints relate requirements on the order of the classes output by a classifier to conditions on its input, and are expressive enough to encode various interesting examples of classifier safety specifications from the literature.
Relaxing Local Robustness
Certifiable local robustness, which rigorously precludes small-norm adversarial examples, has received significant attention as a means of addressing security concerns in deep learning.
Globally-Robust Neural Networks
We show that widely-used architectures can be easily adapted to this objective by incorporating efficient global Lipschitz bounds into the network, yielding certifiably-robust models by construction that achieve state-of-the-art verifiable accuracy.
Influence Paths for Characterizing Subject-Verb Number Agreement in LSTM Language Models
LSTM-based recurrent neural networks are the state-of-the-art for many natural language processing (NLP) tasks.
Fast Geometric Projections for Local Robustness Certification
Local robustness ensures that a model classifies all inputs within an $\ell_2$-ball consistently, which precludes various forms of adversarial inputs.
Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership Inference
Membership inference (MI) attacks exploit the fact that machine learning algorithms sometimes leak information about their training data through the learned model.
Feature-Wise Bias Amplification
This overestimation gives rise to feature-wise bias amplification -- a previously unreported form of bias that can be traced back to the features of a trained model.
Influence-Directed Explanations for Deep Convolutional Networks
We study the problem of explaining a rich class of behavioral properties of deep neural networks.
