Abstract
Patch robustness certification ensures no patch within a given bound on a sample can manipulate a deep learning model to predict a different label. However, existing techniques cannot certify samples that cannot meet their strict bars at the classifier level or the patch region level. This paper proposes MajorCert. MajorCert firstly finds all possible label sets manipulatable by the same patch region on the same sample across the underlying classifiers, then enumerates their combinations element-wise, and finally checks whether the majority invariant of all these combinations is intact to certify samples. Copyright © 2023 IEEE.
Original language | English |
---|---|
Title of host publication | Proceedings of 2023 38th IEEE/ACM International Conference on Automated Software Engineering, ASE 2023 |
Place of Publication | Danvers, MA |
Publisher | IEEE |
Pages | 1790-1794 |
ISBN (Electronic) | 9798350329964 |
DOIs | |
Publication status | Published - 2023 |
Citation
Zhou, Q., Wei, Z., Wang, H., & Chan, W. K. (2023). A majority invariant approach to patch robustness certification for deep learning models. In Proceedings of 2023 38th IEEE/ACM International Conference on Automated Software Engineering, ASE 2023 (pp. 1790-1794). IEEE. https://doi.org/10.1109/ASE56229.2023.00137
Keywords
- Patch robustness
- Certification
- Invariant