Provably Robust Detection of Out-of-distribution Data (almost) for free
This addresses the need for reliable uncertainty assessment in safety-critical ML systems, offering a robust solution to OOD detection with provable guarantees.
The paper tackles the problem of deep neural networks producing overconfident predictions on out-of-distribution (OOD) data, even with existing defenses, by constructing a classifier that achieves provably adversarially robust OOD detection and high clean accuracy, while avoiding asymptotic overconfidence.
The application of machine learning in safety-critical systems requires a reliable assessment of uncertainty. However, deep neural networks are known to produce highly overconfident predictions on out-of-distribution (OOD) data. Even if trained to be non-confident on OOD data, one can still adversarially manipulate OOD data so that the classifier again assigns high confidence to the manipulated samples. We show that two previously published defenses can be broken by better adapted attacks, highlighting the importance of robustness guarantees around OOD data. Since the existing method for this task is hard to train and significantly limits accuracy, we construct a classifier that can simultaneously achieve provably adversarially robust OOD detection and high clean accuracy. Moreover, by slightly modifying the classifier's architecture our method provably avoids the asymptotic overconfidence problem of standard neural networks. We provide code for all our experiments.