Part ofAdvances in Neural Information Processing Systems 31 (NeurIPS 2018)
Gagandeep Singh, Timon Gehr, Matthew Mirman, Markus Püschel, Martin Vechev
We present a new method and system, called DeepZ, for certifying neural networkrobustness based on abstract interpretation. Compared to state-of-the-art automatedverifiers for neural networks, DeepZ: (i) handles ReLU, Tanh and Sigmoid activation functions, (ii) supports feedforward and convolutional architectures, (iii)is significantly more scalable and precise, and (iv) and is sound with respect tofloating point arithmetic. These benefits are due to carefully designed approximations tailored to the setting of neural networks. As an example, DeepZ achieves averification accuracy of 97% on a large network with 88,500 hidden units under$L_{\infty}$ attack with $\epsilon = 0.1$ with an average runtime of 133 seconds.
Requests for name changes in the electronic proceedings will be accepted with no questions asked. However name changes may cause bibliographic tracking issues. Authors are asked to consider this carefully and discuss it with their co-authors prior to requesting a name change in the electronic proceedings.
Use the "Report an Issue" link to request a name change.