Learning Security Classifiers with Verified Global Robustness Properties
Learning Security Classifiers with Verified Global Robustness Properties
Many recent works have proposed methods to train classifiers with local robustness properties, which can provably eliminate classes of evasion attacks for most inputs, but not all inputs. Since data distribution shift is very common in security applications, e.g., often observed for malware detection, local robustness cannot guarantee that the …