Semantic image perturbations, such as scaling and rotation, have been shown to easily deceive deep neural networks (DNNs). Hence, training DNNs to be certifiably robust to these perturbations is critical. However, no prior work has been able to incorporate the objective of deterministic semantic robustness into the training procedure, as existing deterministic semantic verifiers are exceedingly slow. To address these challenges, we propose Certified Semantic Training (CST), the first training framework for deterministic certified robustness against semantic image perturbations. Our framework leverages a novel GPU-optimized verifier that, unlike existing works, is fast enough for use in training. Our results show that networks trained via CST consistently achieve both better provable semantic robustness and clean accuracy, compared to networks trained via baselines based on existing works.

翻译：测量和旋转等语义图像扰动被证明很容易欺骗深神经网络(DNNs ) 。 因此,培训DNNs, 使这些扰动具有可验证的稳健性至关重要。然而,先前没有一项工作能够将确定性语义稳健性的目标纳入培训程序,因为现有的确定性语义验证程序极为缓慢。为了应对这些挑战,我们提议认证性语义培训(CST),这是第一个确定性认证的稳健性防止语义图像扰动性的培训框架。我们的框架利用了新型的GPU操作化验证器,与现有工程不同,该验证器足以在培训中使用。我们的结果表明,通过科技委培训的网络与通过基于现有工程的基线培训的网络相比,始终能够实现更好的可识别性语义稳健和清洁准确性。