Title | Optimising Network Architectures for Provable Adversarial Robustness |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Gouk, Henry; Hospedales, Timothy M. |
Conference Name | 2020 Sensor Signal Processing for Defence Conference (SSPD) |
Date Published | September |
Keywords | artificial neural network, compositionality, Computational modeling, Computer vision, network architecture, Neural networks, Perturbation methods, Predictive Metrics, Predictive models, provable security, pubcrawl, Resiliency, Robustness, Training |
Abstract | Existing Lipschitz-based provable defences to adversarial examples only cover the L2 threat model. We introduce the first bound that makes use of Lipschitz continuity to provide a more general guarantee for threat models based on any Lp norm. Additionally, a new strategy is proposed for designing network architectures that exhibit superior provable adversarial robustness over conventional convolutional neural networks. Experiments are conducted to validate our theoretical contributions, show that the assumptions made during the design of our novel architecture hold in practice, and quantify the empirical robustness of several Lipschitz-based adversarial defence methods. |
DOI | 10.1109/SSPD47486.2020.9272169 |
Citation Key | gouk_optimising_2020 |