Lipschitz-Margin Training: Scalable Certification of Perturbation Invariance for Deep Neural Networks
The high sensitivity of neural networks to malicious perturbations of their inputs raises security concerns. We aim to ensure perturbation invariance in their predictions. However, prior work requires strong assumptions on network structure and incurs massive computational costs, which limits its applicability. In this paper, based on Lipschitz constants and prediction margins, we present a widely applicable and computationally efficient method to lower-bound the size of adversarial perturbations that can deceive networks. Moreover, we propose an efficient training procedure to strengthen perturbation invariance. In experimental evaluations, our method showed its ability to provide a strong guarantee even for large networks.
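An added example, not code from the paper: it works through how a Lipschitz constant and a prediction margin combine into a certified L2 radius, on a constructed toy ReLU network. It assumes the standard relation that the prediction cannot change while the margin exceeds sqrt(2) * L * ||eps||_2, which the abstract does not spell out, and it uses a loose but sound spectral-norm bound; all names and weights are hypothetical.

```python
import math

# Constructed toy network (not from the paper): two linear layers, ReLU between.
LAYERS = [
    ([[1.0, 0.0], [0.0, 1.0]], [0.0, 0.0]),
    ([[2.0, 0.0], [0.0, 1.0]], [0.0, 0.0]),
]

def spectral_norm_upper(W):
    """Sound upper bound on ||W||_2: sqrt(||W||_1 * ||W||_inf)."""
    max_row = max(sum(abs(w) for w in row) for row in W)
    max_col = max(sum(abs(w) for w in col) for col in zip(*W))
    return math.sqrt(max_row * max_col)

def lipschitz_upper(layers):
    """ReLU is 1-Lipschitz, so the product of layer bounds bounds the network."""
    L = 1.0
    for W, _ in layers:
        L *= spectral_norm_upper(W)
    return L

def forward(layers, x):
    """Return the logits; ReLU is applied after every layer except the last."""
    for i, (W, b) in enumerate(layers):
        x = [sum(w * v for w, v in zip(row, x)) + bi for row, bi in zip(W, b)]
        if i < len(layers) - 1:
            x = [max(0.0, v) for v in x]
    return x

def certify(layers, x):
    """Return (predicted class, certified L2 radius) for input x."""
    logits = forward(layers, x)
    order = sorted(range(len(logits)), key=lambda i: logits[i], reverse=True)
    margin = logits[order[0]] - logits[order[1]]
    # Any eps with ||eps||_2 below this radius moves the logit gap by less
    # than the margin, so the argmax cannot flip.
    return order[0], margin / (math.sqrt(2) * lipschitz_upper(layers))

def prediction_holds(layers, x, eps):
    """Check one concrete perturbation eps against the clean prediction."""
    pred, _ = certify(layers, x)
    shifted = forward(layers, [a + e for a, e in zip(x, eps)])
    return max(range(len(shifted)), key=lambda i: shifted[i]) == pred
```

The certificate is only as sound as the Lipschitz bound: an estimate that can fall below the true constant (for example, unconverged power iteration) would overstate the radius.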