Saved in:
Bibliographic Details
Main Authors: Bai, Jia-Hau, Liu, Chi-Ting, Wang, Yu, Chang, Fu-Chieh, Wu, Pei-Yuan
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2407.09550
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911025053302784
author Bai, Jia-Hau
Liu, Chi-Ting
Wang, Yu
Chang, Fu-Chieh
Wu, Pei-Yuan
author_facet Bai, Jia-Hau
Liu, Chi-Ting
Wang, Yu
Chang, Fu-Chieh
Wu, Pei-Yuan
contents This study uses CAPM (Convex Adversarial Polytope for Maxpool-based CNN) to improve the verified bound for general purpose maxpool-based convolutional neural networks (CNNs) under bounded norm adversarial perturbations. The maxpool function is decomposed as a series of ReLU functions to extend the convex relaxation technique to maxpool functions, by which the verified bound can be efficiently computed through a dual network. The experimental results demonstrate that this technique allows the state-of-the-art verification precision for maxpool-based CNNs and involves a much lower computational cost than current verification methods, such as DeepZ, DeepPoly and PRIMA. This method is also applicable to large-scale CNNs, which previous studies show to be often computationally prohibitively expensive. Under certain circumstances, CAPM is 40-times, 20-times or twice as fast and give a significantly higher verification bound (CAPM 98% vs. PRIMA 76%/DeepPoly 73%/DeepZ 8%) as compared to PRIMA/DeepPoly/DeepZ. Furthermore, we additionally present the time complexity of our algorithm as $O(W^2NK)$, where $W$ is the maximum width of the neural network, $N$ is the number of neurons, and $K$ is the size of the maxpool layer's kernel.
format Preprint
id arxiv_https___arxiv_org_abs_2407_09550
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle CAPM: Fast and Robust Verification on Maxpool-based CNN via Dual Network
Bai, Jia-Hau
Liu, Chi-Ting
Wang, Yu
Chang, Fu-Chieh
Wu, Pei-Yuan
Computer Vision and Pattern Recognition
Artificial Intelligence
Machine Learning
This study uses CAPM (Convex Adversarial Polytope for Maxpool-based CNN) to improve the verified bound for general purpose maxpool-based convolutional neural networks (CNNs) under bounded norm adversarial perturbations. The maxpool function is decomposed as a series of ReLU functions to extend the convex relaxation technique to maxpool functions, by which the verified bound can be efficiently computed through a dual network. The experimental results demonstrate that this technique allows the state-of-the-art verification precision for maxpool-based CNNs and involves a much lower computational cost than current verification methods, such as DeepZ, DeepPoly and PRIMA. This method is also applicable to large-scale CNNs, which previous studies show to be often computationally prohibitively expensive. Under certain circumstances, CAPM is 40-times, 20-times or twice as fast and give a significantly higher verification bound (CAPM 98% vs. PRIMA 76%/DeepPoly 73%/DeepZ 8%) as compared to PRIMA/DeepPoly/DeepZ. Furthermore, we additionally present the time complexity of our algorithm as $O(W^2NK)$, where $W$ is the maximum width of the neural network, $N$ is the number of neurons, and $K$ is the size of the maxpool layer's kernel.
title CAPM: Fast and Robust Verification on Maxpool-based CNN via Dual Network
topic Computer Vision and Pattern Recognition
Artificial Intelligence
Machine Learning
url https://arxiv.org/abs/2407.09550