Bibliographic Details
Main Author: De Palma, Alessandro
Format: Preprint
Published: 2026
Subjects:
Online Access: https://arxiv.org/abs/2602.02626
_version_ 1866914303295094784
author De Palma, Alessandro
author_facet De Palma, Alessandro
contents Adversarial training attains strong empirical robustness to specific adversarial attacks by training on concrete adversarial perturbations, but it produces neural networks that are not amenable to strong robustness certificates through neural network verification. On the other hand, earlier certified training schemes directly train on bounds from network relaxations to obtain models that are certifiably robust, but display sub-par standard performance. Recent work has shown that state-of-the-art trade-offs between certified robustness and standard performance can be obtained through a family of losses combining adversarial outputs and neural network bounds. Nevertheless, differently from empirical robustness, verifiability still comes at a significant cost in standard performance. In this work, we propose to leverage empirically-robust teachers to improve the performance of certifiably-robust models through knowledge distillation. Using a versatile feature-space distillation objective, we show that distillation from adversarially-trained teachers consistently improves on the state-of-the-art in certified training for ReLU networks across a series of robust computer vision benchmarks.
format Preprint
id arxiv_https___arxiv_org_abs_2602_02626
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Learning Better Certified Models from Empirically-Robust Teachers
De Palma, Alessandro
Machine Learning
title Learning Better Certified Models from Empirically-Robust Teachers
topic Machine Learning
url https://arxiv.org/abs/2602.02626