BNN-DP: Robustness Certification of Bayesian Neural Networks via Dynamic Programming

Steven Adams; Andrea Patanè; Morteza Lahijanian; Luca Laurenti

doi:10.5555/3618408.3618415

BNN-DP: Robustness Certification of Bayesian Neural Networks via Dynamic Programming

Steven Adams^*, Andrea Patanè, Morteza Lahijanian, Luca Laurenti

^*Corresponding author for this work

Team Luca Laurenti

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

9 Downloads (Pure)

Abstract

In this paper, we introduce BNN-DP, an efficient algorithmic framework for analysis of adversarial robustness of Bayesian Neural Networks (BNNs). Given a compact set of input points T ⊂ Rⁿ, BNN-DP computes lower and upper bounds on the BNN's predictions for all the points in T. The framework is based on an interpretation of BNNs as stochastic dynamical systems, which enables the use of Dynamic Programming (DP) algorithms to bound the prediction range along the layers of the network. Specifically, the method uses bound propagation techniques and convex relaxations to derive a backward recursion procedure to over-approximate the prediction range of the BNN with piecewise affine functions. The algorithm is general and can handle both regression and classification tasks. On a set of experiments on various regression and classification tasks and BNN architectures, we show that BNN-DP outperforms state-of-the-art methods by up to four orders of magnitude in both tightness of the bounds and computational efficiency.

Original language	English
Title of host publication	ICML'23: Proceedings of the 40th International Conference on Machine Learning
Editors	Andreas Krause, Emma Brunskill, Kyunghyun Cho
Publisher	Association for Computing Machinery (ACM)
Pages	133-151
Number of pages	19
DOIs	https://doi.org/10.5555/3618408.3618415
Publication status	Published - 2023
Event	40th International Conference on Machine Learning, ICML 2023 - Honolulu, United States Duration: 23 Jul 2023 → 29 Jul 2023

Publication series

Name	Proceedings of Machine Learning Research
Volume	202
ISSN (Print)	2640-3498

Conference

Conference	40th International Conference on Machine Learning, ICML 2023
Country/Territory	United States
City	Honolulu
Period	23/07/23 → 29/07/23

Access to Document

10.5555/3618408.3618415

adams23aFinal published version, 1.79 MB

Cite this

Adams, S., Patanè, A., Lahijanian, M., & Laurenti, L. (2023). BNN-DP: Robustness Certification of Bayesian Neural Networks via Dynamic Programming. In A. Krause, E. Brunskill, & K. Cho (Eds.), ICML'23: Proceedings of the 40th International Conference on Machine Learning (pp. 133-151). (Proceedings of Machine Learning Research; Vol. 202). Association for Computing Machinery (ACM). https://doi.org/10.5555/3618408.3618415

Adams, Steven ; Patanè, Andrea ; Lahijanian, Morteza et al. / BNN-DP: Robustness Certification of Bayesian Neural Networks via Dynamic Programming. ICML'23: Proceedings of the 40th International Conference on Machine Learning. editor / Andreas Krause ; Emma Brunskill ; Kyunghyun Cho. Association for Computing Machinery (ACM), 2023. pp. 133-151 (Proceedings of Machine Learning Research).

@inproceedings{32cfea91781e48f090fac57c6777c441,

title = "BNN-DP: Robustness Certification of Bayesian Neural Networks via Dynamic Programming",

abstract = "In this paper, we introduce BNN-DP, an efficient algorithmic framework for analysis of adversarial robustness of Bayesian Neural Networks (BNNs). Given a compact set of input points T ⊂ Rn, BNN-DP computes lower and upper bounds on the BNN's predictions for all the points in T. The framework is based on an interpretation of BNNs as stochastic dynamical systems, which enables the use of Dynamic Programming (DP) algorithms to bound the prediction range along the layers of the network. Specifically, the method uses bound propagation techniques and convex relaxations to derive a backward recursion procedure to over-approximate the prediction range of the BNN with piecewise affine functions. The algorithm is general and can handle both regression and classification tasks. On a set of experiments on various regression and classification tasks and BNN architectures, we show that BNN-DP outperforms state-of-the-art methods by up to four orders of magnitude in both tightness of the bounds and computational efficiency.",

author = "Steven Adams and Andrea Patan{\`e} and Morteza Lahijanian and Luca Laurenti",

year = "2023",

doi = "10.5555/3618408.3618415",

language = "English",

series = "Proceedings of Machine Learning Research",

publisher = "Association for Computing Machinery (ACM)",

pages = "133--151",

editor = "Andreas Krause and Emma Brunskill and Kyunghyun Cho",

booktitle = "ICML'23: Proceedings of the 40th International Conference on Machine Learning",

address = "United States",

note = "40th International Conference on Machine Learning, ICML 2023 ; Conference date: 23-07-2023 Through 29-07-2023",

}

Adams, S, Patanè, A, Lahijanian, M & Laurenti, L 2023, BNN-DP: Robustness Certification of Bayesian Neural Networks via Dynamic Programming. in A Krause, E Brunskill & K Cho (eds), ICML'23: Proceedings of the 40th International Conference on Machine Learning. Proceedings of Machine Learning Research, vol. 202, Association for Computing Machinery (ACM), pp. 133-151, 40th International Conference on Machine Learning, ICML 2023, Honolulu, United States, 23/07/23. https://doi.org/10.5555/3618408.3618415

BNN-DP: Robustness Certification of Bayesian Neural Networks via Dynamic Programming. / Adams, Steven; Patanè, Andrea; Lahijanian, Morteza et al.
ICML'23: Proceedings of the 40th International Conference on Machine Learning. ed. / Andreas Krause; Emma Brunskill; Kyunghyun Cho. Association for Computing Machinery (ACM), 2023. p. 133-151 (Proceedings of Machine Learning Research; Vol. 202).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - BNN-DP: Robustness Certification of Bayesian Neural Networks via Dynamic Programming

AU - Adams, Steven

AU - Patanè, Andrea

AU - Lahijanian, Morteza

AU - Laurenti, Luca

PY - 2023

Y1 - 2023

N2 - In this paper, we introduce BNN-DP, an efficient algorithmic framework for analysis of adversarial robustness of Bayesian Neural Networks (BNNs). Given a compact set of input points T ⊂ Rn, BNN-DP computes lower and upper bounds on the BNN's predictions for all the points in T. The framework is based on an interpretation of BNNs as stochastic dynamical systems, which enables the use of Dynamic Programming (DP) algorithms to bound the prediction range along the layers of the network. Specifically, the method uses bound propagation techniques and convex relaxations to derive a backward recursion procedure to over-approximate the prediction range of the BNN with piecewise affine functions. The algorithm is general and can handle both regression and classification tasks. On a set of experiments on various regression and classification tasks and BNN architectures, we show that BNN-DP outperforms state-of-the-art methods by up to four orders of magnitude in both tightness of the bounds and computational efficiency.

AB - In this paper, we introduce BNN-DP, an efficient algorithmic framework for analysis of adversarial robustness of Bayesian Neural Networks (BNNs). Given a compact set of input points T ⊂ Rn, BNN-DP computes lower and upper bounds on the BNN's predictions for all the points in T. The framework is based on an interpretation of BNNs as stochastic dynamical systems, which enables the use of Dynamic Programming (DP) algorithms to bound the prediction range along the layers of the network. Specifically, the method uses bound propagation techniques and convex relaxations to derive a backward recursion procedure to over-approximate the prediction range of the BNN with piecewise affine functions. The algorithm is general and can handle both regression and classification tasks. On a set of experiments on various regression and classification tasks and BNN architectures, we show that BNN-DP outperforms state-of-the-art methods by up to four orders of magnitude in both tightness of the bounds and computational efficiency.

UR - http://www.scopus.com/inward/record.url?scp=85174398514&partnerID=8YFLogxK

U2 - 10.5555/3618408.3618415

DO - 10.5555/3618408.3618415

M3 - Conference contribution

AN - SCOPUS:85174398514

T3 - Proceedings of Machine Learning Research

SP - 133

EP - 151

BT - ICML'23: Proceedings of the 40th International Conference on Machine Learning

A2 - Krause, Andreas

A2 - Brunskill, Emma

A2 - Cho, Kyunghyun

PB - Association for Computing Machinery (ACM)

T2 - 40th International Conference on Machine Learning, ICML 2023

Y2 - 23 July 2023 through 29 July 2023

ER -

Adams S, Patanè A, Lahijanian M, Laurenti L. BNN-DP: Robustness Certification of Bayesian Neural Networks via Dynamic Programming. In Krause A, Brunskill E, Cho K, editors, ICML'23: Proceedings of the 40th International Conference on Machine Learning. Association for Computing Machinery (ACM). 2023. p. 133-151. (Proceedings of Machine Learning Research). doi: 10.5555/3618408.3618415

BNN-DP: Robustness Certification of Bayesian Neural Networks via Dynamic Programming

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this