Current browse context:
cs.LG
Change to browse by:
References & Citations
Computer Science > Machine Learning
Title: Formal Guarantees on the Robustness of a Classifier against Adversarial Manipulation
(Submitted on 23 May 2017 (v1), last revised 5 Nov 2017 (this version, v2))
Abstract: Recent work has shown that state-of-the-art classifiers are quite brittle, in the sense that a small adversarial change of an originally with high confidence correctly classified input leads to a wrong classification again with high confidence. This raises concerns that such classifiers are vulnerable to attacks and calls into question their usage in safety-critical systems. We show in this paper for the first time formal guarantees on the robustness of a classifier by giving instance-specific lower bounds on the norm of the input manipulation required to change the classifier decision. Based on this analysis we propose the Cross-Lipschitz regularization functional. We show that using this form of regularization in kernel methods resp. neural networks improves the robustness of the classifier without any loss in prediction performance.
Submission history
From: Matthias Hein [view email][v1] Tue, 23 May 2017 18:48:20 GMT (659kb,D)
[v2] Sun, 5 Nov 2017 20:58:09 GMT (983kb,D)
Link back to: arXiv, form interface, contact.