EU Horizon 2020
Horizon 2020
HomeNewsCase StudiesPeopleKey Prior PublicationsPublications
[BPLCK+20] Arno Blaas and Andrea Patane and Luca Laurenti and Luca Cardelli and Marta Kwiatkowska and Stephen Roberts. Adversarial Robustness Guarantees for Classification with Gaussian Processes. AISTATS. 2020. [pdf] [bib]
Downloads:  pdf pdf (605 KB)  bib bib
Abstract. We investigate adversarial robustness of Gaus- sian Process Classification (GPC) models. Given a compact subset of the input space T  Rd enclosing a test point x and a GPC trained on a dataset D, we aim to compute the minimum and the maximum classification probability for the GPC over all the points in T. In order to do so, we show how functions lower- and upper- bounding the GPC output in T can be derived, and implement those in a branch and bound op- timisation algorithm. For any error threshold ϵ > 0 selected a priori, we show that our al- gorithm is guaranteed to reach values ϵ-close to the actual values in finitely many iterations. We apply our method to investigate the robustness of GPC models on a 2D synthetic dataset, the SPAMdataset and a subset of the MNIST dataset, providing comparisons of different GPC training techniques, and show how our method can be used for interpretability analysis. Our empirical analysis suggests that GPC robustness increases with more accurate posterior estimation.