Precise and Generalized Robustness Certification for Neural Networks
- URL: http://arxiv.org/abs/2306.06747v1
- Date: Sun, 11 Jun 2023 19:00:41 GMT
- Title: Precise and Generalized Robustness Certification for Neural Networks
- Authors: Yuanyuan Yuan, Shuai Wang, and Zhendong Su
- Abstract summary: The objective of neural network (NN) robustness certification is to determine if a NN changes its predictions when mutations are made to its inputs.
This paper proposes a novel framework, GCERT, which certifies NN robustness under a precise and unified form of diverse semantic-level image mutations.
- Score: 13.880775045434381
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The objective of neural network (NN) robustness certification is to determine
if a NN changes its predictions when mutations are made to its inputs. While
most certification research studies pixel-level or a few geometrical-level and
blurring operations over images, this paper proposes a novel framework, GCERT,
which certifies NN robustness under a precise and unified form of diverse
semantic-level image mutations. We formulate a comprehensive set of
semantic-level image mutations uniformly as certain directions in the latent
space of generative models. We identify two key properties, independence and
continuity, that convert the latent space into a precise and analysis-friendly
input space representation for certification. GCERT can be smoothly integrated
with de facto complete, incomplete, or quantitative certification frameworks.
With its precise input space representation, GCERT enables for the first time
complete NN robustness certification with moderate cost under diverse
semantic-level input mutations, such as weather-filter, style transfer, and
perceptual changes (e.g., opening/closing eyes). We show that GCERT enables
certifying NN robustness under various common and security-sensitive scenarios
like autonomous driving.
Related papers
- AdaptPrompt: Parameter-Efficient Adaptation of VLMs for Generalizable Deepfake Detection [7.76090543025328]
Recent advances in image generation have led to the widespread availability of highly realistic synthetic media, increasing the difficulty of reliable deepfake detection. A key challenge is generalization, as detectors trained on a narrow class of generators often fail when confronted with unseen models. We address the pressing need for generalizable detection by leveraging large vision-language models, specifically CLIP, to identify synthetic content across diverse generative techniques.
arXiv Detail & Related papers (2025-12-19T16:06:03Z)
- Uncertainty-Guided Selective Adaptation Enables Cross-Platform Predictive Fluorescence Microscopy [65.15943255667733]
We introduce Subnetwork Image Translation ADDA with automatic depth selection (SIT-ADDA-Auto). We show that adapting only the earliest convolutional layers, while freezing deeper layers, yields reliable transfer. Our results provide a design rule for label-free adaptation in microscopy and a recipe for field settings; the code is publicly available.
arXiv Detail & Related papers (2025-11-15T03:01:05Z)
- Crane: Context-Guided Prompt Learning and Attention Refinement for Zero-Shot Anomaly Detection [50.343419243749054]
Anomaly detection is critical in fields such as medical diagnostics and industrial defect detection. CLIP's coarse-grained image-text alignment limits localization and detection performance for fine-grained anomalies. Crane improves the state-of-the-art ZSAD from 2% to 28%, at both image and pixel levels, while remaining competitive in inference speed.
arXiv Detail & Related papers (2025-04-15T10:42:25Z)
- A Dataset for Semantic Segmentation in the Presence of Unknowns [49.795683850385956]
Existing datasets allow evaluation of only knowns or unknowns - but not both.
We propose a novel anomaly segmentation dataset, ISSU, that features a diverse set of anomaly inputs from cluttered real-world environments.
The dataset is twice larger than existing anomaly segmentation datasets.
arXiv Detail & Related papers (2025-03-28T10:31:01Z)
- Exact Certification of (Graph) Neural Networks Against Label Poisoning [50.87615167799367]
We introduce an exact certification method for label flipping in Graph Neural Networks (GNNs).
We apply our method to certify a broad range of GNN architectures in node classification tasks.
Our work presents the first exact certificate to a poisoning attack ever derived for neural networks.
arXiv Detail & Related papers (2024-11-30T17:05:12Z)
- Quantum Information-Empowered Graph Neural Network for Hyperspectral Change Detection [19.31936427826067]
This work introduces quantum deep network (QUEEN) into hyperspectral change detection (HCD).
QUEEN provides radically new information for deciding whether there is a change or not.
The superior HCD performance of the proposed QUEEN-empowered GNN (i.e., QUEEN-G) will be experimentally demonstrated on real hyperspectral datasets.
arXiv Detail & Related papers (2024-11-12T07:30:32Z)
- Open-Set Deepfake Detection: A Parameter-Efficient Adaptation Method with Forgery Style Mixture [58.60915132222421]
We introduce an approach that is both general and parameter-efficient for face forgery detection.
We design a forgery-style mixture formulation that augments the diversity of forgery source domains.
We show that the designed model achieves state-of-the-art generalizability with significantly reduced trainable parameters.
arXiv Detail & Related papers (2024-08-23T01:53:36Z)
- Affine-Consistent Transformer for Multi-Class Cell Nuclei Detection [76.11864242047074]
We propose a novel Affine-Consistent Transformer (AC-Former), which directly yields a sequence of nucleus positions.
We introduce an Adaptive Affine Transformer (AAT) module, which can automatically learn the key spatial transformations to warp original images for local network training.
Experimental results demonstrate that the proposed method significantly outperforms existing state-of-the-art algorithms on various benchmarks.
arXiv Detail & Related papers (2023-10-22T02:27:02Z)
- Improving Uncertainty Quantification of Variance Networks by Tree-Structured Learning [10.566352737844369]
We propose a novel tree-structured local neural network model that partitions the feature space into multiple regions based on uncertainty heterogeneity.
The proposed Uncertainty-Splitting Neural Regression Tree (USNRT) employs novel splitting criteria.
USNRT or its ensemble shows superior performance compared to some recent popular methods for quantifying uncertainty with variances.
arXiv Detail & Related papers (2022-12-24T05:25:09Z)
- Localized Randomized Smoothing for Collective Robustness Certification [60.83383487495282]
We propose a more general collective robustness certificate for all types of models.
We show that this approach is beneficial for the larger class of softly local models.
The certificate is based on our novel localized randomized smoothing approach.
arXiv Detail & Related papers (2022-10-28T14:10:24Z)
- Generalizability of Adversarial Robustness Under Distribution Shifts [57.767152566761304]
We take a first step towards investigating the interplay between empirical and certified adversarial robustness on one hand and domain generalization on another.
We train robust models on multiple domains and evaluate their accuracy and robustness on an unseen domain.
We extend our study to cover a real-world medical application, in which adversarial augmentation significantly boosts the generalization of robustness with minimal effect on clean data accuracy.
arXiv Detail & Related papers (2022-09-29T18:25:48Z)
- Provable Defense Against Geometric Transformations [4.281091463408283]
We propose the first provable defense for deterministic certified geometric robustness.
We show that our framework consistently achieves state-of-the-art deterministic certified geometric robustness and clean accuracy.
For the first time, we verify the geometric robustness of a neural network for the challenging, real-world setting of autonomous driving.
arXiv Detail & Related papers (2022-07-22T16:40:03Z)
- Two-Stream Graph Convolutional Network for Intra-oral Scanner Image Segmentation [133.02190910009384]
We propose a two-stream graph convolutional network (i.e., TSGCN) to handle inter-view confusion between different raw attributes.
Our TSGCN significantly outperforms state-of-the-art methods in 3D tooth (surface) segmentation.
arXiv Detail & Related papers (2022-04-19T10:41:09Z)
- Visual Saliency Transformer [127.33678448761599]
We develop a novel unified model based on a pure transformer, Visual Saliency Transformer (VST), for both RGB and RGB-D salient object detection (SOD).
It takes image patches as inputs and leverages the transformer to propagate global contexts among image patches.
Experimental results show that our model outperforms existing state-of-the-art results on both RGB and RGB-D SOD benchmark datasets.
arXiv Detail & Related papers (2021-04-25T08:24:06Z)
- TSS: Transformation-Specific Smoothing for Robustness Certification [37.87602431929278]
Motivated adversaries can mislead machine learning systems by perturbing test data using semantic transformations.
We provide TSS -- a unified framework for certifying ML robustness against general adversarial semantic transformations.
We show TSS is the first approach that achieves nontrivial certified robustness on the large-scale ImageNet dataset.
arXiv Detail & Related papers (2020-02-27T19:19:32Z)
This list is automatically generated from the titles and abstracts of the papers in this site.