| Ամփոփում: | Recent progress in neural network verification has challenged the notion of a convex
barrier, that is, an inherent weakness in the convex relaxation of the output of
a neural network. Specifically, there now exists a tight relaxation for verifying
the robustness of a neural network to `∞ input perturbations, as well as efficient
primal and dual solvers for the relaxation. Buoyed by this success, we consider
the problem of developing similar techniques for verifying robustness to input
perturbations within the probability simplex. We prove a somewhat surprising
result that, in this case, not only can one design a tight relaxation that overcomes
the convex barrier, but the size of the relaxation remains linear in the number of
neurons, thereby leading to simpler and more efficient algorithms. We establish
the scalability of our overall approach via the specification of `1 robustness for
CIFAR-10 and MNIST classification, where our approach improves the state of the
art verified accuracy by up to 14.4%. Furthermore, we establish its accuracy on
a novel and highly challenging task of verifying the robustness of a multi-modal
(text and image) classifier to arbitrary changes in its textual input.
|
|---|