Towards robust neural networks: evaluation and construction

Thesis

With their supreme performance in dealing with a large amount of data, neural networks have significantly benefited our lives in many aspects, from home assistants to autonomous driving cars. However, it is found that neural networks are brittle. By slightly perturbing the inputs in a way imperceptible to humans, neural networks can barely make any correct predictions. This seriously limits their applications in safety-critical areas, such as health care and finance. In this thesis, we study robust neural networks in the hope to facilitate a wider and more reliable use of neural networks. Specifically, we focus on evaluating and training robust neural networks.

We first consider robustness evaluation. A common approach for assessing the robustness of a neural network is through formal verification, which is often computationally expensive. We make several contributions to speed up the process. In brief, we adopt the idea that a majority of verification methods can be reformulated under a unified branch and bound framework. By dealing with the unified framework directly, we propose high-level improvements, including heuristics and a learned framework, for the branching and bounding components. Furthermore, we introduce new datasets to enable comprehensive comparison analyses of our methods with other existing ones.

In terms of constructing robust neural networks, we develop a new algorithm for efficient robust training. Many popular robust training methods rely on strong adversaries, which are costly to compute when the model complexity and input dimension are high. We design a novel framework that allows a more effective use of adversaries. As a result, to achieve similar performance, cheap and weak adversaries can be used instead. Based on the framework, we introduce the algorithm ATLAS. We demonstrate the effectiveness and efficiency of ATLAS by showing its outstanding performance on several standard datasets.

Authors: Lu, J

• DOI: 10.5287/ora-zg8brvp4q
• Type of award: DPhil
• Level of award: Doctoral
• Awarding institution: University of Oxford
• Language: English
• Keywords: verification; robustness
• Subjects: Supervised learning (Machine learning); Deep learning (Machine learning)