Due to their susceptibility to adversarial perturbations, neural networks (NNs) are hardly used in safety-critical applications. One measure of robustness to such perturbations in the input is the Lipschitz constant of the input-output map defined by an NN. In this work, we propose a framework to train NNs while at the same time encouraging robustness by keeping their Lipschitz constant small, thus addressing the robustness issue. More specifically, we design an optimization scheme based on the Alternating Direction Method of Multipliers that minimizes not only the training loss of an NN but also its Lipschitz constant resulting in a semidefinite programming based training procedure that promotes robustness. We design two versions of this training procedure. The first one includes a regularizer that penalizes an accurate upper bound on the Lipschitz constant. The second one allows to enforce a desired Lipschitz bound on the NN at all times during training. Finally, we provide two examples to show that the proposed framework successfully increases the robustness of NNs.

通过设计一种基于交替方向乘子法的最优化方案来训练多层神经网络，同时鼓励通过保持其利普希茨常数来促进鲁棒性，从而解决基于输入的扰动的效应以及提高神经网络的鲁棒性。该文设计了两个训练程序，最终提供了两个例子来证明这种方法成功地提高了神经网络的鲁棒性。

使用Lipschitz界限训练鲁棒神经网络