Certified Robust Control under Adversarial Perturbations
This addresses a critical safety issue for autonomous systems by providing end-to-end certified robustness against adversarial attacks, representing a novel integration rather than an incremental improvement.
The paper tackles the problem of ensuring autonomous systems remain robust to adversarial input perturbations by proposing the first method to combine robustness certification of predictions with robust control, achieving certified robustness in control systems as demonstrated in adaptive vehicle control experiments.
Autonomous systems increasingly rely on machine learning techniques to transform high-dimensional raw inputs into predictions that are then used for decision-making and control. However, it is often easy to maliciously manipulate such inputs and, as a result, predictions. While effective techniques have been proposed to certify the robustness of predictions to adversarial input perturbations, such techniques have been disembodied from control systems that make downstream use of the predictions. We propose the first approach for composing robustness certification of predictions with respect to raw input perturbations with robust control to obtain certified robustness of control to adversarial input perturbations. We use a case study of adaptive vehicle control to illustrate our approach and show the value of the resulting end-to-end certificates through extensive experiments.