ON EXTENSIONS OF CLEVER: A NEURAL NETWORK ROBUSTNESS EVALUATION ALGORITHM
© 2018 IEEE. CLEVER (Cross-Lipschitz Extreme Value for nEtwork Robustness) is an Extreme Value Theory (EVT) based robustness score for large-scale deep neural networks (DNNs). In this paper, we propose two extensions on this robustness score. First, we provide a new formal robustness guarantee for c...
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2021
|
| Online Access: | https://hdl.handle.net/1721.1/137450 |
| _version_ | 1826197101661388800 |
|---|---|
| author | Weng, Tsui-Wei Zhang, Huan Chen, Pin-Yu Lozano, Aurelie Hsieh, Cho-Jui Daniel, Luca |
| author_facet | Weng, Tsui-Wei Zhang, Huan Chen, Pin-Yu Lozano, Aurelie Hsieh, Cho-Jui Daniel, Luca |
| author_sort | Weng, Tsui-Wei |
| collection | MIT |
| description | © 2018 IEEE. CLEVER (Cross-Lipschitz Extreme Value for nEtwork Robustness) is an Extreme Value Theory (EVT) based robustness score for large-scale deep neural networks (DNNs). In this paper, we propose two extensions on this robustness score. First, we provide a new formal robustness guarantee for classifier functions that are twice differentiable. We apply extreme value theory on the new formal robustness guarantee and the estimated robustness is called second-order CLEVER score. Second, we discuss how to handle gradient masking, a common defensive technique, using CLEVER with Backward Pass Differentiable Approximation (BPDA). With BPDA applied, CLEVER can evaluate the intrinsic robustness of neural networks of a broader class - networks with non-differentiable input transformations. We demonstrate the effectiveness of CLEVER with BPDA in experiments on a 121-layer Densenet model trained on the ImageNet dataset. |
| first_indexed | 2024-09-23T10:42:49Z |
| format | Article |
| id | mit-1721.1/137450 |
| institution | Massachusetts Institute of Technology |
| language | English |
| last_indexed | 2024-09-23T10:42:49Z |
| publishDate | 2021 |
| publisher | IEEE |
| record_format | dspace |
| spelling | mit-1721.1/1374502021-11-06T03:31:13Z ON EXTENSIONS OF CLEVER: A NEURAL NETWORK ROBUSTNESS EVALUATION ALGORITHM Weng, Tsui-Wei Zhang, Huan Chen, Pin-Yu Lozano, Aurelie Hsieh, Cho-Jui Daniel, Luca © 2018 IEEE. CLEVER (Cross-Lipschitz Extreme Value for nEtwork Robustness) is an Extreme Value Theory (EVT) based robustness score for large-scale deep neural networks (DNNs). In this paper, we propose two extensions on this robustness score. First, we provide a new formal robustness guarantee for classifier functions that are twice differentiable. We apply extreme value theory on the new formal robustness guarantee and the estimated robustness is called second-order CLEVER score. Second, we discuss how to handle gradient masking, a common defensive technique, using CLEVER with Backward Pass Differentiable Approximation (BPDA). With BPDA applied, CLEVER can evaluate the intrinsic robustness of neural networks of a broader class - networks with non-differentiable input transformations. We demonstrate the effectiveness of CLEVER with BPDA in experiments on a 121-layer Densenet model trained on the ImageNet dataset. 2021-11-05T13:37:18Z 2021-11-05T13:37:18Z 2018-11 2019-05-15T17:34:43Z Article http://purl.org/eprint/type/ConferencePaper https://hdl.handle.net/1721.1/137450 Weng, Tsui-Wei, Zhang, Huan, Chen, Pin-Yu, Lozano, Aurelie, Hsieh, Cho-Jui et al. 2018. "ON EXTENSIONS OF CLEVER: A NEURAL NETWORK ROBUSTNESS EVALUATION ALGORITHM." en 10.1109/globalsip.2018.8646356 Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/ application/pdf IEEE arXiv |
| spellingShingle | Weng, Tsui-Wei Zhang, Huan Chen, Pin-Yu Lozano, Aurelie Hsieh, Cho-Jui Daniel, Luca ON EXTENSIONS OF CLEVER: A NEURAL NETWORK ROBUSTNESS EVALUATION ALGORITHM |
| title | ON EXTENSIONS OF CLEVER: A NEURAL NETWORK ROBUSTNESS EVALUATION ALGORITHM |
| title_full | ON EXTENSIONS OF CLEVER: A NEURAL NETWORK ROBUSTNESS EVALUATION ALGORITHM |
| title_fullStr | ON EXTENSIONS OF CLEVER: A NEURAL NETWORK ROBUSTNESS EVALUATION ALGORITHM |
| title_full_unstemmed | ON EXTENSIONS OF CLEVER: A NEURAL NETWORK ROBUSTNESS EVALUATION ALGORITHM |
| title_short | ON EXTENSIONS OF CLEVER: A NEURAL NETWORK ROBUSTNESS EVALUATION ALGORITHM |
| title_sort | on extensions of clever a neural network robustness evaluation algorithm |
| url | https://hdl.handle.net/1721.1/137450 |
| work_keys_str_mv | AT wengtsuiwei onextensionsofcleveraneuralnetworkrobustnessevaluationalgorithm AT zhanghuan onextensionsofcleveraneuralnetworkrobustnessevaluationalgorithm AT chenpinyu onextensionsofcleveraneuralnetworkrobustnessevaluationalgorithm AT lozanoaurelie onextensionsofcleveraneuralnetworkrobustnessevaluationalgorithm AT hsiehchojui onextensionsofcleveraneuralnetworkrobustnessevaluationalgorithm AT danielluca onextensionsofcleveraneuralnetworkrobustnessevaluationalgorithm |