| | |
| | |
Stat |
Members: 3657 Articles: 2'599'751 Articles rated: 2609
06 October 2024 |
|
| | | |
|
Article overview
| |
|
On the Perils of Cascading Robust Classifiers | Ravi Mangal
; Zifan Wang
; Chi Zhang
; Klas Leino
; Corina Pasareanu
; Matt Fredrikson
; | Date: |
1 Jun 2022 | Abstract: | Ensembling certifiably robust neural networks has been shown to be a
promising approach for improving the emph{certified robust accuracy} of neural
models. Black-box ensembles that assume only query-access to the constituent
models (and their robustness certifiers) during prediction are particularly
attractive due to their modular structure. Cascading ensembles are a popular
instance of black-box ensembles that appear to improve certified robust
accuracies in practice. However, we find that the robustness certifier used by
a cascading ensemble is unsound. That is, when a cascading ensemble is
certified as locally robust at an input $x$, there can, in fact, be inputs $x’$
in the $epsilon$-ball centered at $x$, such that the cascade’s prediction at
$x’$ is different from $x$. We present an alternate black-box ensembling
mechanism based on weighted voting which we prove to be sound for robustness
certification. Via a thought experiment, we demonstrate that if the constituent
classifiers are suitably diverse, voting ensembles can improve certified
performance. Our code is available at
url{this https URL}. | Source: | arXiv, 2206.00278 | Services: | Forum | Review | PDF | Favorites |
|
|
No review found.
Did you like this article?
Note: answers to reviews or questions about the article must be posted in the forum section.
Authors are not allowed to review their own article. They can use the forum section.
|
| |
|
|
|