Verifying robustness of neural network classifiers has attracted great interests and attention due to the success deep networks their unexpected vulnerability adversarial perturbations. Although finding minimum distortion (with ReLU activations) been shown be an NP-complete problem, obtaining a non-trivial lower bound as provable guarantee is possible. However, most previous works only focused on simple fully-connected layers (multilayer perceptrons) were limited activations. This motivates us propose general efficient framework, CNN-Cert, that capable certifying convolutional networks. Our framework – we can handle various architectures including layers, max-pooling batch normalization layer, residual blocks, well activation functions; our approach by exploiting special structure achieve up 17 11 times speed-up compared state-of-the-art certification algorithms (e.g. Fast-Lin, CROWN) 366 dual-LP while algorithm obtains similar or even better verification bounds. In addition, CNN-Cert generalizes e.g. Fast-Lin CROWN. We demonstrate extensive experiments method outperforms lowerbound-based in terms both quality speed.

Load

Load