Neural networks are typically sensitive to small input perturbations, leading to unexpected or brittle behaviour. We present RobustNeuralNetworks.jl: a Julia package for neural network models that are constructed to naturally satisfy robustness constraints. We discuss the theory behind our model parameterisation, give an overview of the package, and demonstrate its use in image classification, reinforcement learning, and nonlinear robotic control.
Modern machine learning relies heavily on rapidly training and evaluating neural networks in problems ranging from image classification to robotic control. However, most existing neural network architectures have no robustness certificates, making them sensitive to even small input perturbations and highly susceptible to poor data quality, adversarial attacks, and other forms of input disturbances. The few neural network architectures proposed in recent years that offer solutions to this brittle behaviour rely on explicitly enforcing constraints during training to “smooth” the network response. These methods are computationally expensive, making them slow and difficult to scale up to complex real-world problems.
Recently, we proposed the Recurrent Equilibrium Network (REN) architecture as a computationally efficient solution to these problems. The REN architecture is flexible in that it includes all commonly used neural network models, such as fully-connected networks, convolutional neural networks, and recurrent neural networks. The weight matrices and bias vectors in a REN are directly parameterised to naturally satisfy behavioural constraints chosen by the user. For example, the user can build a REN with a given Lipschitz constant to ensure the output of the network is quantifiably less sensitive to unexpected input perturbations. Other common options include contracting RENs and input/output passive RENs.
The direct parameterisation of RENs means that no additional constrained optimization methods are needed to train the networks to be less sensitive to attacks or perturbations. We can therefore train RENs with standard, unconstrained optimization methods (such as gradient descent) while also guaranteeing their robustness. Achieving the “best of both worlds” in this way is unique to our REN model class, and allows us to freely train RENs for common machine learning problems as well as more difficult applications where safety and robustness are critical.
In this talk, we will present our RobustNeuralNetworks.jl package. The package is built around the AbstractREN type, encoding the REN model class. It relies heavily on key features of the Julia language (such as multiple dispatch) for a neat, efficient implementation of RENs, and can be used alongside Flux.jl to solve machine learning problems with and without robustness requirements, all in native Julia.
We will give a brief introduction to the fundamental theory behind our direct parameterisation of neural networks, and outline what we mean by nonlinear robustness. We will follow this with a detailed overview of the RobustNeuralNetworks.jl package structure, including the key types and methods used to construct and implement a REN. To conclude, we will demonstrate some interesting applications of our Julia package for REN in our own research, including in:
Ultimately, we hope to show how RENs will be useful to the wider Julia machine learning community in both research and industry applications. For more information on the REN model class and its uses, please see our two recent papers https://arxiv.org/abs/2104.05942 and https://doi.org/10.1109/LCSYS.2022.3184847.