Geometric Certifications of Neural Nets

revbucket, updated 🕥 2022-11-22 03:13:46

GeoCert

Geometric-inspired algorithm for solving the general problem of finding the largest l_p ball centered at a point x for a union of polytopes which form a polyhedral complex. This algorithm is provably correct for p equal or larger than 1. Primary application found in certifying the adversarial robustness of multilayer ReLu networks. Created by Matt Jordan and Justin Lewis.

Check out our paper on arXiv: Provable Certificates for Adversarial Examples: Fitting a Ball in the Union of Polytopes.

Some example results:

Maximal l_2 projections | Network Input Partioning -----------------------------------------|----------------------------------------- |

News

• 09/13/2019: Version 0.2 refactor deployed
• 09/03/2019: Accepted (poster) to NeurIPS 2019
• 06/11/2019: Contributed Talk at ICML Workshop on Security and Privacy of Machine Learning
• 03/20/2019: ArXiv Release and Version 0.1 deployed

Primary Contents

Functions:

• Computing the minimal distance adversarial example under L2 and L norms. That is, given a classifier f and an input x, GeoCert computes the δ with minimal Lp norm such that f(x) ≠ f(x+δ).
• Answering the decision problem of robustness. Given a classifier f, an input x and a radius ε, answer the decision problem: "Does there exist a point y with ||y-x||p ≤ ε such that f(y)≠ f(x)?"
• Recalling that ReLU neural networks are piecewise linear, GeoCert can be leveraged to exactly count the number of linear regions intersecting a specified Lp ball.

Examples:

• 2D_example.ipynb: Basic example using a binary classifier on 2-dimensional inputs to demonstrate the primary functionalities of GeoCert
• MNIST_example.ipynb: More fleshed-out example, where the classifier is trained to distinguish between 1's and 7's from the MNIST Dataset.

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.

Dependencies

Requisite python packages are contained within the file requirements.txt. The mister_ed adversarial example toolbox is used to compute upper bounds. This is maintained as a subrepository within this one.

GeoCert makes many many calls to linear program solvers (in the $\ell_\infty$ case) or LCQP solvers (in the $\ell_2$) case. We use the Gurobi Optimizer for this. Visit their homepage to acquire a free academic license.

Installing

1. Clone the repository: shell $git clone https://github.com/revbucket/geometric-certificates$ cd geometric-certificates

Authors

• Matt Jordan- University of Texas at Austin
• Justin Lewis- University of Texas at Austin

Issues

Bump pillow from 5.3.0 to 9.3.0 in /mister_ed

opened on 2022-11-22 03:13:42 by dependabot[bot]

Bumps pillow from 5.3.0 to 9.3.0.

Release notes

Sourced from pillow's releases.

Changes

... (truncated)

Changelog

Sourced from pillow's changelog.

9.3.0 (2022-10-29)

• Limit SAMPLESPERPIXEL to avoid runtime DOS #6700 [wiredfool]

• Initialize libtiff buffer when saving #6699 [radarhere]

• Inline fname2char to fix memory leak #6329 [nulano]

• Fix memory leaks related to text features #6330 [nulano]

• Use double quotes for version check on old CPython on Windows #6695 [hugovk]

• Remove backup implementation of Round for Windows platforms #6693 [cgohlke]

• Fixed set_variation_by_name offset #6445 [radarhere]

• Fix malloc in _imagingft.c:font_setvaraxes #6690 [cgohlke]

• Release Python GIL when converting images using matrix operations #6418 [hmaarrfk]

• Do not modify previous frame when calculating delta in PNG #6683 [radarhere]

• Decode JPEG compressed BLP1 data in original mode #6678 [radarhere]

• Do not attempt normalization if mode is already normal #6644 [radarhere]

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - @dependabot rebase will rebase this PR - @dependabot recreate will recreate this PR, overwriting any edits that have been made to it - @dependabot merge will merge this PR after your CI passes on it - @dependabot squash and merge will squash and merge this PR after your CI passes on it - @dependabot cancel merge will cancel a previously requested merge and block automerging - @dependabot reopen will reopen this PR if it is closed - @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - @dependabot use these labels will set the current labels as the default for future PRs for this repo and language - @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language - @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language - @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/revbucket/geometric-certificates/network/alerts).

Bump numpy from 1.15.4 to 1.22.0 in /mister_ed

opened on 2022-06-21 21:50:11 by dependabot[bot]

Bumps numpy from 1.15.4 to 1.22.0.

Release notes

Sourced from numpy's releases.

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

• Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
• A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
• NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
• New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
• A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - @dependabot rebase will rebase this PR - @dependabot recreate will recreate this PR, overwriting any edits that have been made to it - @dependabot merge will merge this PR after your CI passes on it - @dependabot squash and merge will squash and merge this PR after your CI passes on it - @dependabot cancel merge will cancel a previously requested merge and block automerging - @dependabot reopen will reopen this PR if it is closed - @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - @dependabot use these labels will set the current labels as the default for future PRs for this repo and language - @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language - @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language - @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/revbucket/geometric-certificates/network/alerts).

Bump ipython from 7.1.1 to 7.16.3 in /mister_ed

opened on 2022-01-21 19:47:39 by dependabot[bot]

Bumps ipython from 7.1.1 to 7.16.3.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - @dependabot rebase will rebase this PR - @dependabot recreate will recreate this PR, overwriting any edits that have been made to it - @dependabot merge will merge this PR after your CI passes on it - @dependabot squash and merge will squash and merge this PR after your CI passes on it - @dependabot cancel merge will cancel a previously requested merge and block automerging - @dependabot reopen will reopen this PR if it is closed - @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - @dependabot use these labels will set the current labels as the default for future PRs for this repo and language - @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language - @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language - @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/revbucket/geometric-certificates/network/alerts).

Bump dask from 0.20.1 to 2021.10.0 in /mister_ed

opened on 2021-10-27 18:55:53 by dependabot[bot]

Bumps dask from 0.20.1 to 2021.10.0.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - @dependabot rebase will rebase this PR - @dependabot recreate will recreate this PR, overwriting any edits that have been made to it - @dependabot merge will merge this PR after your CI passes on it - @dependabot squash and merge will squash and merge this PR after your CI passes on it - @dependabot cancel merge will cancel a previously requested merge and block automerging - @dependabot reopen will reopen this PR if it is closed - @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - @dependabot use these labels will set the current labels as the default for future PRs for this repo and language - @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language - @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language - @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/revbucket/geometric-certificates/network/alerts).

Bump pygments from 2.2.0 to 2.7.4 in /mister_ed

opened on 2021-03-29 19:10:03 by dependabot[bot]

Bumps pygments from 2.2.0 to 2.7.4.

Release notes

Sourced from pygments's releases.

2.7.4

• Updated lexers:

• Apache configurations: Improve handling of malformed tags (#1656)

• CSS: Add support for variables (#1633, #1666)

• Crystal (#1650, #1670)

• Coq (#1648)

• Fortran: Add missing keywords (#1635, #1665)

• Ini (#1624)

• JavaScript and variants (#1647 -- missing regex flags, #1651)

• Markdown (#1623, #1617)

• Shell

• Lex trailing whitespace as part of the prompt (#1645)
• Add missing in keyword (#1652)
• SQL - Fix keywords (#1668)

• Typescript: Fix incorrect punctuation handling (#1510, #1511)

• Fix infinite loop in SML lexer (#1625)

• Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

• Limit recursion with nesting Ruby heredocs (#1638)

• Fix a few inefficient regexes for guessing lexers

• Fix the raw token lexer handling of Unicode (#1616)

• Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

• Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

• Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

2.7.3

... (truncated)

Changelog

Sourced from pygments's changelog.

Version 2.7.4

(released January 12, 2021)

• Updated lexers:

• Apache configurations: Improve handling of malformed tags (#1656)

• CSS: Add support for variables (#1633, #1666)

• Crystal (#1650, #1670)

• Coq (#1648)

• Fortran: Add missing keywords (#1635, #1665)

• Ini (#1624)

• JavaScript and variants (#1647 -- missing regex flags, #1651)

• Markdown (#1623, #1617)

• Shell

• Lex trailing whitespace as part of the prompt (#1645)
• Add missing in keyword (#1652)
• SQL - Fix keywords (#1668)

• Typescript: Fix incorrect punctuation handling (#1510, #1511)

• Fix infinite loop in SML lexer (#1625)

• Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

• Limit recursion with nesting Ruby heredocs (#1638)

• Fix a few inefficient regexes for guessing lexers

• Fix the raw token lexer handling of Unicode (#1616)

• Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

• Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

• Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

Version 2.7.3

(released December 6, 2020)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - @dependabot rebase will rebase this PR - @dependabot recreate will recreate this PR, overwriting any edits that have been made to it - @dependabot merge will merge this PR after your CI passes on it - @dependabot squash and merge will squash and merge this PR after your CI passes on it - @dependabot cancel merge will cancel a previously requested merge and block automerging - @dependabot reopen will reopen this PR if it is closed - @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - @dependabot use these labels will set the current labels as the default for future PRs for this repo and language - @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language - @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language - @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/revbucket/geometric-certificates/network/alerts).

Which code is to reproduce the figure "Network Input Partioning" in readme?

opened on 2020-06-19 06:16:08 by chenwydj

Thank you very much!

Matt Jordan

PhD student @ UT Austin