Certified geometric robustness -- Super-DeepG
Noémie Cohen¹,², Mélanie Ducoffe¹,², Christophe Gabreau¹, Claire Pagetti², Xavier Pucel²
Published on arXiv: 2604.24379
Input Manipulation Attack
OWASP ML Top 10 — ML01
Key Finding
Outperforms prior geometric robustness certification methods in both precision and computational efficiency
Novel technique introduced
Super-DeepG
Safety-critical applications are required to perform as expected in normal operations. Image processing functions are often required to be insensitive to small geometric perturbations such as rotation, scaling, shearing or translation. This paper addresses the formal verification of neural networks against geometric perturbations applied to their image dataset. Our method, Super-DeepG, improves the reasoning used in linear relaxation techniques and Lipschitz optimization, and provides an implementation that leverages GPU hardware. As a result, Super-DeepG achieves both precision and computational efficiency in robustness certification, to an extent that outperforms prior work. Super-DeepG is shared as an open-source tool on GitHub.
Key Contributions
- Formal verification method for certifying robustness against geometric perturbations
- GPU-accelerated implementation combining linear relaxation and Lipschitz optimization
- Open-source tool achieving improved precision and efficiency over prior certified defense work
🛡️ Threat Analysis
Defends against geometric adversarial perturbations (rotation, scaling, shearing, translation) that could cause misclassification at inference time — these are input manipulation attacks.