Proven: Verifying robustness of neural networks with a probabilistic approach

Abstract

We propose a novel framework PROVEN to PRObabilistically VErify Neural network's robustness with statistical guarantees. PROVEN provides probability certificates of neural network robustness when the input perturbation follow distributional characterization. Notably, PROVEN is derived from current state-of-the-art worst-case neural network robustness verification frameworks, and therefore it can provide probability certificates with little computational overhead on top of existing methods such as Fast-Lin, CROWN and CNN-Cert. Experiments on small and large MNIST and CIFAR neural network models demonstrate our probabilistic approach can tighten up robustness certificate to around 1.8× and 3.5× with at least a 99.99% confidence compared with the worst-case robustness certificate by CROWN and CNN-Cert.