A Provable Defense for Deep Residual Networks
2019-03-29Code Available0· sign in to hype
Matthew Mirman, Gagandeep Singh, Martin Vechev
Code Available — Be the first to reproduce this paper.
ReproduceCode
- github.com/eth-sri/diffaiOfficialIn paperpytorch★ 0
Abstract
We present a training system, which can provably defend significantly larger neural networks than previously possible, including ResNet-34 and DenseNet-100. Our approach is based on differentiable abstract interpretation and introduces two novel concepts: (i) abstract layers for fine-tuning the precision and scalability of the abstraction, (ii) a flexible domain specific language (DSL) for describing training objectives that combine abstract and concrete losses with arbitrary specifications. Our training method is implemented in the DiffAI system.