
Summary of PROSAC: Provably Safe Certification for Machine Learning Models under Adversarial Attacks, by Chen Feng et al.


PROSAC: Provably Safe Certification for Machine Learning Models under Adversarial Attacks

by Chen Feng, Ziquan Liu, Zhuo Zhi, Ilija Bogunovic, Carsten Gerner-Beuerle, Miguel Rodrigues

First submitted to arxiv on: 4 Feb 2024

Categories

  • Main: Machine Learning (cs.LG)
  • Secondary: Cryptography and Security (cs.CR)



GrooveSquid.com Paper Summaries

GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!

High difficulty summary (written by the paper authors)
The high difficulty version is the paper's original abstract. Read the original abstract here.

Medium difficulty summary (GrooveSquid.com original content)
PROSAC is a framework for certifying the performance of machine learning models under adversarial attack with population-level risk guarantees. It introduces the notion of an (α, ζ)-safe model: one whose adversarial population risk is below α, certified in such a way that the probability of wrongly declaring an unsafe model safe is at most ζ. The certificate is produced by a hypothesis testing procedure run on a held-out calibration set, which is what supplies the statistical guarantee. Because an adversarial attack has hyperparameters that change its strength, the paper also proposes Bayesian optimization algorithms that search those hyperparameters efficiently to decide whether a model is (α, ζ)-safe against the strongest attack in the family. Applied to a range of vision Transformer (ViT) and ResNet models under different adversarial attacks, the framework shows that ViTs are generally more robust than ResNets, and that larger models are more robust than smaller ones.

Low difficulty summary (GrooveSquid.com original content)
Machine learning models can be fooled by adversarial attacks: small, deliberate changes to an input that make the model give the wrong answer. This paper proposes a way to check, with a statistical guarantee, whether a model is safe against such attacks. It tests the model under attack on a separate set of examples called a calibration set, so that the chance of certifying a model as safe when it really is not stays below a limit chosen in advance. Because an attack has settings that control how strong it is, the method also includes algorithms that search those settings quickly to find the worst case before deciding. Tested on ViT and ResNet models, the approach shows that ViTs generally handle attacks better than ResNets and that bigger models are generally better at handling attacks than smaller ones.

Keywords

* Artificial intelligence  * Machine learning  * Optimization  * Resnet  * Vision transformer  * Vit