Authors: Liu, Chen; Salzmann, Mathieu; Susstrunk, Sabine

Dates: 2022-01-01; 2022-01-01; 2022-01-01; 2023

DOI: 10.1109/TNNLS.2021.3111892

URL: https://infoscience.epfl.ch/handle/20.500.14299/184111

Web of Science ID: WOS:000732134700001

Abstract: Training certifiable neural networks enables us to obtain models with robustness guarantees against adversarial attacks. In this work, we introduce a framework to obtain a provable adversarial-free region in the neighborhood of the input data by a polyhedral envelope, which yields more fine-grained certified robustness than existing methods. We further introduce polyhedral envelope regularization (PER) to encourage larger adversarial-free regions and thus improve the provable robustness of the models. We demonstrate the flexibility and effectiveness of our framework on standard benchmarks; it applies to networks of different architectures and with general activation functions. Compared with state of the art, PER has negligible computational overhead; it achieves better robustness guarantees and accuracy on the clean data in various settings.

Subjects: Computer Science, Artificial Intelligence; Computer Science, Hardware & Architecture; Computer Science, Theory & Methods; Engineering, Electrical & Electronic; Computer Science; Engineering

Keywords: robustness; training; predictive models; computational modeling; standards; smoothing methods; recurrent neural networks; adversarial training; provable robustness

Title: Training Provably Robust Models by Polyhedral Envelope Regularization

Type: text::journal::journal article::research article