Robustness verification of ReLU networks via quadratic programming

Neural networks are known to be sensitive to adversarial perturbations. To investigate this undesired behavior we consider the problem of computing the distance to the decision boundary (DtDB) from a given sample for a deep neural net classifier. In this work we present a procedure where we solve a convex quadratic programming (QP) task to obtain a lower bound on the DtDB. This bound is used as a robustness certificate of the classifier around a given sample. We show that our approach provides better or competitive results in comparison with a wide range of existing techniques.

Automated summary

This research presents a method to obtain a lower bound on the distance to the decision boundary (DtDB) for a deep neural network classifier by solving a convex quadratic programming task, which serves as a robustness certificate for the classifier around a given sample. The approach shows better or competitive results compared to a wide range of existing techniques.