Adversarial Boot Camp: label free certified robustness in one epoch
Ryan Campbell, Chris Finlay, Adam M. Oberman
Machine learning models are vulnerable to adversarial attacks. One approach to addressing this vulnerability is certification, which focuses on models that are guaranteed to be robust for a given perturbation size. A drawback of recent certified models is that they are stochastic: they require multiple computationally expensive model evaluations with random noise added to a given input. In our work, we present a deterministic certification approach which results in a certifiably robust model. This approach is based on an equivalence between training with a particular regularized loss, and the expected values of Gaussian averages. We achieve certified models on ImageNet-1k by retraining a model with this loss for one epoch without the use of label information.
Oct-5-2020