Summary of On Using Certified Training Towards Empirical Robustness, by Alessandro De Palma et al.
On Using Certified Training towards Empirical Robustness
by Alessandro De Palma, Serge Durand, Zakaria Chihani, François Terrier, Caterina Urban
First submitted to arxiv on: 2 Oct 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR); Machine Learning (stat.ML)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
Summary difficulty | Written by | Summary
---|---|---
High | Paper authors | Read the original abstract here
Medium | GrooveSquid.com (original content) | A recent paper investigates the relationship between certified training and empirical robustness against adversarial attacks. Certified training methods aim to produce networks with formal guarantees of robustness, whereas adversarial training focuses on providing empirical robustness through single-step or multi-step attacks. The study highlights a gap between the best-performing empirical and certified defenses, which limits their practical utility. To bridge this gap, the authors draw inspiration from recent developments in certified training, which combine adversarial attacks with network over-approximations to achieve robustness. They demonstrate that a recently proposed certified training algorithm can prevent catastrophic overfitting on single-step attacks when tuned appropriately, and can even match multi-step baselines under specific experimental settings. Furthermore, the authors introduce a novel regularizer for network over-approximations that achieves similar effects while significantly reducing runtime.
Low | GrooveSquid.com (original content) | This paper looks at how to make artificial intelligence systems more robust against attacks from hackers or malicious data. Right now, there are two main ways to achieve this: one method called adversarial training, and another called certified training. Adversarial training works well for small attacks, but it's not very good for larger ones. Certified training is better at providing guarantees of robustness, but it's not as good in practice. The authors want to bridge the gap between these two methods by combining them. They show that one certified training algorithm can work well for both single-step and multi-step attacks when used correctly. Additionally, they propose a new way to improve network over-approximations that reduces runtime while achieving similar results.
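The summaries above contrast empirical robustness (a network survives a concrete attack) with certified robustness (a network over-approximation proves no perturbation in the ball can flip the label). The following added example, which is not code from the paper or from GrooveSquid.com, makes that distinction runnable on a constructed toy ReLU network: it checks one input with a single-step sign-gradient attack, the kind of attack single-step adversarial training uses, and separately with interval bound propagation (IBP), assumed here as one standard network over-approximation. The paper's own certified training algorithm and its regularizer are not reproduced; the network weights, the points and the radius are all constructed for illustration.

```python
from typing import Dict, List, Tuple

# Constructed toy network (not from the paper): 2 inputs -> 2 ReLU hidden units -> 1 logit.
# A positive logit predicts class +1, a negative logit predicts class -1.
W1 = [[1.0, 1.0], [1.0, -1.0]]
B1 = [0.0, 0.0]
W2 = [1.0, -1.0]
B2 = 0.0


def affine(w: List[List[float]], b: List[float], x: List[float]) -> List[float]:
    return [sum(wi * xi for wi, xi in zip(row, x)) + bi for row, bi in zip(w, b)]


def forward(x: List[float]) -> float:
    """Clean forward pass returning the single logit."""
    h = [max(0.0, p) for p in affine(W1, B1, x)]
    return sum(wj * hj for wj, hj in zip(W2, h)) + B2


def input_gradient(x: List[float]) -> List[float]:
    """d logit / d x through the ReLU: inactive hidden units pass no gradient."""
    active = [1.0 if p > 0 else 0.0 for p in affine(W1, B1, x)]
    return [sum(W2[j] * active[j] * W1[j][i] for j in range(len(W2))) for i in range(len(x))]


def sign(v: float) -> int:
    return (v > 0) - (v < 0)


def single_step_attack(x: List[float], y: int, eps: float) -> List[float]:
    """Single-step attack: one eps-sized move along the gradient sign that reduces the margin y*logit."""
    return [xi - eps * y * sign(gi) for xi, gi in zip(x, input_gradient(x))]


def empirical_margin(x: List[float], y: int, eps: float) -> float:
    """Margin y*logit after the attack; > 0 means the attack did not flip the label (empirical robustness only)."""
    return y * forward(single_step_attack(x, y, eps))


def interval_affine(w, b, lo: List[float], hi: List[float]) -> Tuple[List[float], List[float]]:
    """Sound interval bounds of an affine layer: positive weights take the lower end, negative the upper."""
    new_lo, new_hi = [], []
    for row, bi in zip(w, b):
        l, u = bi, bi
        for wi, li, ui in zip(row, lo, hi):
            if wi >= 0:
                l, u = l + wi * li, u + wi * ui
            else:
                l, u = l + wi * ui, u + wi * li
        new_lo.append(l)
        new_hi.append(u)
    return new_lo, new_hi


def ibp_logit_bounds(x: List[float], eps: float) -> Tuple[float, float]:
    """Interval bound propagation (the assumed over-approximation) over the L-inf ball of radius eps."""
    lo, hi = [xi - eps for xi in x], [xi + eps for xi in x]
    lo, hi = interval_affine(W1, B1, lo, hi)
    lo, hi = [max(0.0, v) for v in lo], [max(0.0, v) for v in hi]  # ReLU is monotone
    lo, hi = interval_affine([W2], [B2], lo, hi)
    return lo[0], hi[0]


def certified_margin(x: List[float], y: int, eps: float) -> float:
    """Worst-case margin lower bound from IBP; > 0 is a proof that no perturbation in the ball flips the label."""
    lo, hi = ibp_logit_bounds(x, eps)
    return lo if y > 0 else -hi


def assess(x: List[float], y: int, eps: float) -> Dict[str, float]:
    return {
        "clean_margin": y * forward(x),
        "empirical_margin": empirical_margin(x, y, eps),
        "certified_margin": certified_margin(x, y, eps),
    }


if __name__ == "__main__":
    # Constructed points, all of class +1, radius 0.3.
    for point in ([1.0, 0.8], [1.0, 0.5], [1.0, 0.1]):
        print(point, assess(point, 1, 0.3))
```

Running the block shows the three situations the summaries describe: the first point is robust by both measures; the second survives the single-step attack (empirical margin 0.4) yet IBP returns a negative lower bound (-0.2), so a certified method would count it as unverified even though the true worst case in the ball is positive, which is the looseness of over-approximations that widens the gap between empirical and certified defenses; the third point is flipped by the single step, so it is robust by neither measure. A training procedure that optimizes the attacked margin alone targets the second column, one that optimizes the bound targets the third, and the paper's contribution concerns combining the two.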
Keywords
» Artificial intelligence » Overfitting