We propose a principled framework that combines adversarial training and provable robustness verification for training certifiably robust neural networks. We formulate the training problem as a joint optimization problem with both empirical and provable robustness objectives and develop a novel gradient-descent technique that can eliminate bias in stochastic multi-gradients. We perform both theoretical analysis on the convergence of the proposed technique and experimental comparison with state-of-the-arts. Results on MNIST and CIFAR-10 show that our method can match or outperform prior approaches for provable l infinity robustness.
Adversarial Training: embedding adversarial perturbations into the parameter space of a neural network to build a robust system
Disentangling factors of variation in deep representations using adversarial training
Exploring Model Robustness with Adaptive Networks and Improved Adversarial Training
![QR code for arXiv:2008.06081 [cs.LG]](http://oss.arxitics.com/images/favicon.svg)