dc.contributor.author
Ruoss, Anian
dc.contributor.author
Baader, Maximilian
dc.contributor.author
Balunović, Mislav
dc.contributor.author
Vechev, Martin
dc.date.accessioned
2021-09-07T13:21:22Z
dc.date.available
2021-09-04T16:59:27Z
dc.date.available
2021-09-07T13:21:22Z
dc.date.issued
2021-05-28
dc.identifier.isbn
978-1-57735-866-4
en_US
dc.identifier.issn
2159-5399
dc.identifier.issn
2374-3468
dc.identifier.uri
http://hdl.handle.net/20.500.11850/504071
dc.description.abstract
Recent work has exposed the vulnerability of computer vision models to vector field attacks. Due to the widespread usage of such models in safety-critical applications, it is crucial to quantify their robustness against such spatial transformations. However, existing work only provides empirical robustness quantification against vector field deformations via adversarial attacks, which lack provable guarantees. In this work, we propose novel convex relaxations, enabling us, for the first time, to provide a certificate of robustness against vector field transformations. Our relaxations are model-agnostic and can be leveraged by a wide range of neural network verifiers. Experiments on various network architectures and different datasets demonstrate the effectiveness and scalability of our method.
en_US
dc.language.iso
en
en_US
dc.publisher
AAAI
dc.subject
Adversarial attacks & robustness
en_US
dc.title
Efficient Certification of Spatial Robustness
en_US
dc.type
Conference Paper
dc.date.published
2021-05-18
ethz.journal.title
Proceedings of the AAAI Conference on Artificial Intelligence
ethz.journal.volume
35
en_US
ethz.journal.issue
3
en_US
ethz.pages.start
2504
en_US
ethz.pages.end
2513
en_US
ethz.event
35th AAAI Conference on Artificial Intelligence (AAAI 2021)
ethz.event.location
Online
ethz.event.date
February 2-9, 2021
ethz.identifier.wos
ethz.publication.place
Palo Alto, CA
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02664 - Inst. f. Programmiersprachen u. -systeme / Inst. Programming Languages and Systems::03948 - Vechev, Martin / Vechev, Martin
ethz.leitzahl.certified
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02664 - Inst. f. Programmiersprachen u. -systeme / Inst. Programming Languages and Systems::03948 - Vechev, Martin / Vechev, Martin
ethz.identifier.url
https://ojs.aaai.org/index.php/AAAI/article/view/16352
ethz.date.deposited
2021-09-04T17:00:31Z
ethz.source
WOS
ethz.eth
yes
en_US
ethz.availability
Metadata only
en_US
ethz.rosetta.installDate
2021-09-07T13:21:38Z
ethz.rosetta.lastUpdated
2024-02-02T14:39:41Z
ethz.rosetta.versionExported
true

Files in this item

There are no files associated with this item.