Fast Training of Provably Robust Neural Networks by SingleProp
This work addresses the efficiency problem for practitioners using certified defenses in adversarial machine learning, though it is incremental as it builds on existing methods.
The paper tackles the computational cost of training neural networks with certified robustness against adversarial attacks by introducing a new regularizer that requires only one additional forward propagation, achieving similar certified accuracy on MNIST and CIFAR-10 with improved training speed.
Recent works have developed several methods of defending neural networks against adversarial attacks with certified guarantees. However, these techniques can be computationally costly due to the use of certification during training. We develop a new regularizer that is both more efficient than existing certified defenses, requiring only one additional forward propagation through a network, and can be used to train networks with similar certified accuracy. Through experiments on MNIST and CIFAR-10 we demonstrate improvements in training speed and comparable certified accuracy compared to state-of-the-art certified defenses.