Limitations of the Lipschitz constant as a defense against adversarial examples
This work addresses the problem of improving certified adversarial defenses for neural networks, but it is incremental as it critiques existing methods without proposing a new solution.
The paper analyzes methods for computing the Lipschitz constant to defend against adversarial examples in neural networks, finding that current approaches have theoretical and practical limitations, though the constant shows potential for enabling robust networks.
Several recent papers have discussed utilizing Lipschitz constants to limit the susceptibility of neural networks to adversarial examples. We analyze recently proposed methods for computing the Lipschitz constant. We show that the Lipschitz constant may indeed enable adversarially robust neural networks. However, the methods currently employed for computing it suffer from theoretical and practical limitations. We argue that addressing this shortcoming is a promising direction for future research into certified adversarial defenses.