Update: Accepted at ICML 2025.
We leverage Lipschitz constrained neural networks to efficiently compute Conformal Prediction (CP) sets that certify correct conformal coverage under adversarial conditions. Our method has the advantage of being efficient, scalable and compatible with the certification of worst-case coverage variations for vanilla (non-robust) CP.
Performance comparison across robust CP methods.
Runtime comparison across robust CP methods on the CIFAR-10 test set.
Coverage guarantees for vanilla CP under bounded perturbations.
Robust conformal prediction: Notebook
Worst-case coverage bounds for vanilla CP under adversarial noise: Notebook
Efficient Robust CP.
usage: scripts/fast_rcp.py [-h] [--dataset DATASET] [--num_batches NUM_BATCHES] [--on_gpu ON_GPU]
[--score_fn SCORE_FN][--alpha ALPHA] [--epsilon EPSILON] [--batch_size BATCH_SIZE]
[--temp TEMP] [--bias BIAS][--num_iters NUM_ITERS] [--large] [--model_path MODEL_PATH]Vanilla CP Coverage Bounds.
usage: scripts/vcp_coverage.py [-h] [--alpha ALPHA] [--batch_size BATCH_SIZE] [--bias BIAS]
[--delta DELTA] [--epsilon EPSILON] [--temp TEMP] [--n_iters N_ITERS]
Additional work
We also provide a fast linear programming algorithm to compute the maximum quantile shift under calibration time adversarial attacks.
usage: scripts/poisoning.py [-h] [--alpha ALPHA] [--bias BIAS] [--temp TEMP] [--epsilon EPSILON]
[--n_samples N_SAMPLES] [--batch_size BATCH_SIZE]where n_samples is the number of attacked samples with budget epsilon in the calibration set for the attack.
| Method | Paper | Code Repository |
|---|---|---|
| RSCP | Paper | GitHub |
| RSCP+ | Paper | GitHub |
| aPRCP | Paper | GitHub |
| VRCP | Paper | GitHub |
| CAS | Paper | GitHub |
| PCP | Paper | GitHub |
| BinCP (new) | Paper | GitHub |
@unpublished{massena:hal-04936823,
TITLE = {{Efficient Robust Conformal Prediction via Lipschitz-Bounded Networks}},
AUTHOR = {Massena, Thomas and And{\'e}ol, L{\'e}o and Boissin, Thibaut and Friedrich, Corentin and Mamalet, Franck and Serrurier, Mathieu and Gerchinovitz, S{\'e}bastien},
URL = {https://hal.science/hal-04936823},
NOTE = {working paper or preprint},
YEAR = {2025},
MONTH = Feb,
KEYWORDS = {Conformal prediction ; Robustness ; Lipschitz neural network},
PDF = {https://hal.science/hal-04936823v1/file/_ArXiv__Efficient_Robust_Conformal_Prediction_via_Lipschitz_Bounded_Networks.pdf},
HAL_ID = {hal-04936823},
HAL_VERSION = {v1},
}
This work has benefited from the support of the DEEL project, with fundings from the Agence Nationale de la Recherche, and which is part of the ANITI AI cluster.