Adversarial attacks on neural network models (usually those solving computer vision tasks) have been an active machine learning research topic for more than ten years. To mitigate the damaging effect of adversarial examples, adversarial defense methods have been proposed, most of them empirical. Some defense algorithms, however, provide theoretical guarantees that hold under any type of attack; these constitute the direction of certified robustness. In this talk, I will present the classical methods of certified defense and approaches to improving them, as well as the essential problems of certified robustness and possible solutions to these challenges.
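To illustrate what "theoretical guarantees under any type of attack" means, here is a minimal, simplified sketch of randomized smoothing certification in the style of Cohen et al. (2019), one classical certified-defense method. The function name `certify`, the base classifier `base_model`, and the noise level `sigma` are illustrative assumptions, not the talk's actual code; a full implementation would use separate sample sets for class selection and probability estimation.

```python
import numpy as np
from scipy.stats import norm, binomtest

def certify(base_model, x, sigma=0.25, n=1000, alpha=0.001):
    """Estimate the smoothed classifier's prediction at input x and a
    certified L2 radius within which that prediction provably cannot change,
    regardless of how the perturbation inside the radius is chosen."""
    # Sample the base classifier's votes under Gaussian input noise.
    noisy = x[None, :] + sigma * np.random.randn(n, *x.shape)
    votes = np.bincount([base_model(xi) for xi in noisy])
    top_class = votes.argmax()
    # Lower confidence bound on the top-class probability (Clopper-Pearson).
    p_lower = binomtest(int(votes[top_class]), n).proportion_ci(1 - alpha).low
    if p_lower <= 0.5:
        return None, 0.0                  # abstain: no certificate possible
    radius = sigma * norm.ppf(p_lower)    # certified L2 radius
    return top_class, radius
```

The guarantee is attack-agnostic: any perturbation with L2 norm below the returned radius cannot flip the smoothed prediction, which is exactly what distinguishes certified defenses from empirical ones.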
Presentation made for the NTR LABS webinar stream.