Bayesian inference with certifiable adversarial robustness

Conference item

We consider adversarial training of deep neural networks through the lens of Bayesian learning and present a principled framework for adversarial training of Bayesian Neural Networks (BNNs) with certifiable guarantees. We rely on techniques from constraint relaxation of non-convex optimisation problems and modify the standard cross-entropy error model to enforce posterior robustness to worst-case perturbations in ϵ−balls around input points. We illustrate how the resulting framework can be combined with methods commonly employed for approximate inference of BNNs. In an empirical investigation, we demonstrate that the presented approach enables training of certifiably robust models on MNIST, FashionMNIST, and CIFAR-10 and can also be beneficial for uncertainty calibration. Our method is the first to directly train certifiable BNNs, thus facilitating their deployment in safety-critical applications.

Authors: Wicker, M; Laurenti, L; Patane, A; Chen, Z; Zhang, Z

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: Journal of Machine Learning Research
• Pages: 2431-2439
• Series: Proceedings of Machine Learning Research
• Series number: 130
• Publication date: 2021-03-18
• Acceptance date: 2021-02-22
• Event title: 24th International Conference on Artificial Intelligence and Statistics (AISTATS 2021)
• Event location: Virtual event
• Event website: https://aistats.org/aistats2021/
• Event start date: 2021-04-13
• Event end date: 2021-04-15
• ISSN: 2640-3498
• Language: English
• Keywords: FFR