Improving certified robustness via statistical learning with logical reasoning

Zhoulin Yang; Zhikuan Zhao; Boxin Wang; Jiawei Zhang; Linyi Li; Hengzhi Pei; Bojan Karlas; Ji Liu; Heng Guo; Ce  Zhang; Bo Li

Improving certified robustness via statistical learning with logical reasoning

Zhoulin Yang, Zhikuan Zhao, Boxin Wang, Jiawei Zhang, Linyi Li, Hengzhi Pei, Bojan Karlas, Ji Liu, Heng Guo, Ce Zhang, Bo Li

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Intensive algorithmic efforts have been made to enable the rapid improvements of certificated robustness for complex ML models recently. However, current robustness certification methods are only able to certify under a limited perturbation radius. Given that existing pure data-driven statistical approaches have reached a bottleneck, in this paper, we propose to integrate statistical ML models with knowledge (expressed as logical rules) as a reasoning component using Markov logic networks (MLN, so as to further improve the overall certified robustness. This opens new research questions about certifying the robustness of such a paradigm, especially the reasoning component (e.g., MLN). As the first step towards understanding these questions, we first prove that the computational complexity of certifying the robustness of MLN is #P-hard. Guided by this hardness result, we then derive the first certified robustness bound for MLN by carefully analyzing different model regimes. Finally, we conduct extensive experiments on five datasets including both high-dimensional images and natural language texts, and we show that the certified robustness with knowledge-based logical reasoning indeed significantly outperforms that of the state-of-the-arts.

Original language	English
Title of host publication	Advances in Neural Information Processing Systems 35 (NeurIPS 2022)
Publisher	Curran Associates Inc
Pages	34859-34873
Number of pages	15
Volume	35
ISBN (Print)	9781713871088
Publication status	Published - 1 Apr 2023
Event	The 36th Conference on Neural Information Processing Systems, 2022 - New Orleans, United States Duration: 28 Nov 2022 → 9 Dec 2022 Conference number: 36 https://neurips.cc/Conferences/2022

Publication series

Name	Advances in Neural Information Processing Systems
ISSN (Print)	1049-5258

Conference

Conference	The 36th Conference on Neural Information Processing Systems, 2022
Abbreviated title	NeurIPS 2022
Country/Territory	United States
City	New Orleans
Period	28/11/22 → 9/12/22
Internet address	https://neurips.cc/Conferences/2022

Access to Document

Improving certified_YANG_DOA14092022_AFV_CC-BYAccepted author manuscript, 2.47 MBLicence: Creative Commons: Attribution (CC-BY)

https://proceedings.neurips.cc/paper_files/paper/2022/hash/e1b248453bca182b6138b8c14a75340d-Abstract-Conference.htmlLicence: All Rights Reserved

Cite this

Yang, Z., Zhao, Z., Wang, B., Zhang, J., Li, L., Pei, H., Karlas, B., Liu, J., Guo, H., Zhang, C., & Li, B. (2023). Improving certified robustness via statistical learning with logical reasoning. In Advances in Neural Information Processing Systems 35 (NeurIPS 2022) (Vol. 35, pp. 34859-34873). (Advances in Neural Information Processing Systems). Curran Associates Inc. https://proceedings.neurips.cc/paper_files/paper/2022/hash/e1b248453bca182b6138b8c14a75340d-Abstract-Conference.html

@inproceedings{3ed87c13e0c44cbd9af9aa15a3546fba,

title = "Improving certified robustness via statistical learning with logical reasoning",

abstract = "Intensive algorithmic efforts have been made to enable the rapid improvements of certificated robustness for complex ML models recently. However, current robustness certification methods are only able to certify under a limited perturbation radius. Given that existing pure data-driven statistical approaches have reached a bottleneck, in this paper, we propose to integrate statistical ML models with knowledge (expressed as logical rules) as a reasoning component using Markov logic networks (MLN, so as to further improve the overall certified robustness. This opens new research questions about certifying the robustness of such a paradigm, especially the reasoning component (e.g., MLN). As the first step towards understanding these questions, we first prove that the computational complexity of certifying the robustness of MLN is #P-hard. Guided by this hardness result, we then derive the first certified robustness bound for MLN by carefully analyzing different model regimes. Finally, we conduct extensive experiments on five datasets including both high-dimensional images and natural language texts, and we show that the certified robustness with knowledge-based logical reasoning indeed significantly outperforms that of the state-of-the-arts.",

author = "Zhoulin Yang and Zhikuan Zhao and Boxin Wang and Jiawei Zhang and Linyi Li and Hengzhi Pei and Bojan Karlas and Ji Liu and Heng Guo and Ce Zhang and Bo Li",

year = "2023",

month = apr,

day = "1",

language = "English",

isbn = "9781713871088",

volume = "35",

series = "Advances in Neural Information Processing Systems",

publisher = "Curran Associates Inc",

pages = "34859--34873",

booktitle = "Advances in Neural Information Processing Systems 35 (NeurIPS 2022)",

note = "The 36th Conference on Neural Information Processing Systems, 2022, NeurIPS 2022 ; Conference date: 28-11-2022 Through 09-12-2022",

url = "https://neurips.cc/Conferences/2022",

}

Yang, Z, Zhao, Z, Wang, B, Zhang, J, Li, L, Pei, H, Karlas, B, Liu, J, Guo, H, Zhang, C & Li, B 2023, Improving certified robustness via statistical learning with logical reasoning. in Advances in Neural Information Processing Systems 35 (NeurIPS 2022). vol. 35, Advances in Neural Information Processing Systems, Curran Associates Inc, pp. 34859-34873, The 36th Conference on Neural Information Processing Systems, 2022, New Orleans, Louisiana, United States, 28/11/22. <https://proceedings.neurips.cc/paper_files/paper/2022/hash/e1b248453bca182b6138b8c14a75340d-Abstract-Conference.html>

Improving certified robustness via statistical learning with logical reasoning. / Yang, Zhoulin; Zhao, Zhikuan; Wang, Boxin et al.
Advances in Neural Information Processing Systems 35 (NeurIPS 2022). Vol. 35 Curran Associates Inc, 2023. p. 34859-34873 (Advances in Neural Information Processing Systems).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Improving certified robustness via statistical learning with logical reasoning

AU - Yang, Zhoulin

AU - Zhao, Zhikuan

AU - Wang, Boxin

AU - Zhang, Jiawei

AU - Li, Linyi

AU - Pei, Hengzhi

AU - Karlas, Bojan

AU - Liu, Ji

AU - Guo, Heng

AU - Zhang, Ce

AU - Li, Bo

N1 - Conference code: 36

PY - 2023/4/1

Y1 - 2023/4/1

N2 - Intensive algorithmic efforts have been made to enable the rapid improvements of certificated robustness for complex ML models recently. However, current robustness certification methods are only able to certify under a limited perturbation radius. Given that existing pure data-driven statistical approaches have reached a bottleneck, in this paper, we propose to integrate statistical ML models with knowledge (expressed as logical rules) as a reasoning component using Markov logic networks (MLN, so as to further improve the overall certified robustness. This opens new research questions about certifying the robustness of such a paradigm, especially the reasoning component (e.g., MLN). As the first step towards understanding these questions, we first prove that the computational complexity of certifying the robustness of MLN is #P-hard. Guided by this hardness result, we then derive the first certified robustness bound for MLN by carefully analyzing different model regimes. Finally, we conduct extensive experiments on five datasets including both high-dimensional images and natural language texts, and we show that the certified robustness with knowledge-based logical reasoning indeed significantly outperforms that of the state-of-the-arts.

AB - Intensive algorithmic efforts have been made to enable the rapid improvements of certificated robustness for complex ML models recently. However, current robustness certification methods are only able to certify under a limited perturbation radius. Given that existing pure data-driven statistical approaches have reached a bottleneck, in this paper, we propose to integrate statistical ML models with knowledge (expressed as logical rules) as a reasoning component using Markov logic networks (MLN, so as to further improve the overall certified robustness. This opens new research questions about certifying the robustness of such a paradigm, especially the reasoning component (e.g., MLN). As the first step towards understanding these questions, we first prove that the computational complexity of certifying the robustness of MLN is #P-hard. Guided by this hardness result, we then derive the first certified robustness bound for MLN by carefully analyzing different model regimes. Finally, we conduct extensive experiments on five datasets including both high-dimensional images and natural language texts, and we show that the certified robustness with knowledge-based logical reasoning indeed significantly outperforms that of the state-of-the-arts.

M3 - Conference contribution

SN - 9781713871088

VL - 35

T3 - Advances in Neural Information Processing Systems

SP - 34859

EP - 34873

BT - Advances in Neural Information Processing Systems 35 (NeurIPS 2022)

PB - Curran Associates Inc

T2 - The 36th Conference on Neural Information Processing Systems, 2022

Y2 - 28 November 2022 through 9 December 2022

ER -

Improving certified robustness via statistical learning with logical reasoning

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this