LGCR Feb 10, 2021

Bayesian Inference with Certifiable Adversarial Robustness

arXiv:2102.05289v2
33 citations
AI Analysis

This work addresses the problem of deploying robust and reliable neural networks in safety-critical applications by providing certifiable adversarial guarantees, representing a novel integration rather than an incremental improvement.

The paper tackles adversarial training of deep neural networks by introducing a Bayesian framework for training certifiably robust Bayesian Neural Networks (BNNs) against worst-case perturbations, demonstrating successful training on datasets like MNIST, FashionMNIST, and CIFAR-10 with improved uncertainty calibration.

We consider adversarial training of deep neural networks through the lens of Bayesian learning, and present a principled framework for adversarial training of Bayesian Neural Networks (BNNs) with certifiable guarantees. We rely on techniques from constraint relaxation of non-convex optimisation problems and modify the standard cross-entropy error model to enforce posterior robustness to worst-case perturbations in $ε$-balls around input points. We illustrate how the resulting framework can be combined with methods commonly employed for approximate inference of BNNs. In an empirical investigation, we demonstrate that the presented approach enables training of certifiably robust models on MNIST, FashionMNIST and CIFAR-10 and can also be beneficial for uncertainty calibration. Our method is the first to directly train certifiable BNNs, thus facilitating their deployment in safety-critical applications.
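The abstract's idea of enforcing robustness over $ε$-balls through a modified cross-entropy can be sketched as follows. This is an added example, not the paper's code: it assumes interval bound propagation as the constraint relaxation (the abstract does not name one), and the network, the two weight "posterior samples" and all function names are constructed for illustration.

```python
import math

def affine_bounds(W, b, lo, hi):
    """Interval arithmetic for x -> Wx + b over the box [lo, hi]."""
    out_lo, out_hi = [], []
    for row, bias in zip(W, b):
        l = h = bias
        for w, a, c in zip(row, lo, hi):
            l += w * (a if w >= 0 else c)
            h += w * (c if w >= 0 else a)
        out_lo.append(l)
        out_hi.append(h)
    return out_lo, out_hi

def logit_bounds(layers, x, eps):
    """Sound logit bounds over the L-infinity eps-ball around x (ReLU hidden layers)."""
    lo, hi = [v - eps for v in x], [v + eps for v in x]
    for i, (W, b) in enumerate(layers):
        lo, hi = affine_bounds(W, b, lo, hi)
        if i < len(layers) - 1:
            lo, hi = [max(0.0, v) for v in lo], [max(0.0, v) for v in hi]
    return lo, hi

def robust_cross_entropy(layers, x, y, eps):
    """Cross-entropy on worst-case logits: lower bound for class y, upper bound elsewhere."""
    lo, hi = logit_bounds(layers, x, eps)
    worst = [lo[k] if k == y else hi[k] for k in range(len(lo))]
    m = max(worst)
    return m + math.log(sum(math.exp(v - m) for v in worst)) - worst[y]

def certified(layers, x, y, eps):
    """True if the bounds prove no point in the eps-ball changes the prediction from y."""
    lo, hi = logit_bounds(layers, x, eps)
    return all(lo[y] > hi[k] for k in range(len(lo)) if k != y)

def posterior_robust_loss(samples, x, y, eps):
    """Monte Carlo average of the robust loss over sampled weight sets."""
    return sum(robust_cross_entropy(s, x, y, eps) for s in samples) / len(samples)

# Constructed 2-2-2 ReLU network and two constructed "posterior samples" of its weights.
NET_A = [([[1.0, -1.0], [-1.0, 1.0]], [0.0, 0.0]), ([[1.0, 0.0], [0.0, 1.0]], [0.0, 0.0])]
NET_B = [([[0.9, -1.1], [-1.0, 0.8]], [0.0, 0.1]), ([[1.0, 0.0], [0.0, 1.0]], [0.0, 0.0])]
X, Y = [1.0, 0.0], 0

if __name__ == "__main__":
    for eps in (0.0, 0.1, 0.6):
        print(eps, certified(NET_A, X, Y, eps), round(posterior_robust_loss([NET_A, NET_B], X, Y, eps), 4))
```

The robust loss grows with the radius because the bounds loosen, and a point stops being certifiable once the true-class lower bound no longer exceeds every other class's upper bound.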

Code Implementations: 1 repo