LGAI, Sep 22, 2021

CC-Cert: A Probabilistic Approach to Certify General Robustness of Neural Networks

arXiv:2109.10696v2, 27 citations
AI Analysis

This addresses the need for provable safety guarantees in safety-critical ML applications, offering a method to certify robustness beyond traditional additive perturbations.

The paper tackles the problem of certifying neural networks against general adversarial attacks, including semantic perturbations like rotation and translation, by proposing a probabilistic certification approach based on Chernoff-Cramer bounds, with experimental validation on various datasets.

In safety-critical machine learning applications, it is crucial to defend models against adversarial attacks -- small modifications of the input that change the predictions. Besides rigorously studied $\ell_p$-bounded additive perturbations, recently proposed semantic perturbations (e.g. rotation, translation) raise a serious concern about deploying ML systems in the real world. Therefore, it is important to provide provable guarantees for deep learning models against semantically meaningful input transformations. In this paper, we propose a new universal probabilistic certification approach based on Chernoff-Cramer bounds that can be used in general attack settings. We estimate the probability that a model fails if the attack is sampled from a certain distribution. Our theoretical findings are supported by experimental results on different datasets.

Code Implementations: 1 repo