Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

RobustNeuralNetworks.jl: a Package for Machine Learning and Data-Driven Control with Certified Robustness

Nicholas H. Barbara, Max Revay, Ruigang Wang, Jing Cheng, Ian R. Manchester

TL;DR

RobustNeuralNetworks.jl tackles neural network brittleness by providing Recurrent Equilibrium Networks (REN) and Lipschitz-Bounded Deep Networks (LBDN) whose weights are parameterized to automatically satisfy robustness certificates. The package integrates with Flux.jl and offers direct and explicit parameterizations, plus wrappers that separate parameter updates from model evaluation to enable efficient training in data-driven control and RL contexts. It demonstrates practical robustness gains in image classification (MNIST), reinforcement learning for a nonlinear box system, and learning stable observers for nonlinear dynamics, all while preserving standard optimization workflows. This work highlights a scalable path to robust learning-enabled systems suitable for safety-critical applications, with future directions including convolutional LBDNs and continuous-time extensions.

Abstract

Neural networks are typically sensitive to small input perturbations, leading to unexpected or brittle behaviour. We present RobustNeuralNetworks.jl: a Julia package for neural network models that are constructed to naturally satisfy a set of user-defined robustness metrics. The package is based on the recently proposed Recurrent Equilibrium Network (REN) and Lipschitz-Bounded Deep Network (LBDN) model classes, and is designed to interface directly with Julia's most widely-used machine learning package, Flux.jl. We discuss the theory behind our model parameterization, give an overview of the package, and provide a tutorial demonstrating its use in image classification, reinforcement learning, and nonlinear state-observer design.

RobustNeuralNetworks.jl: a Package for Machine Learning and Data-Driven Control with Certified Robustness

TL;DR

RobustNeuralNetworks.jl tackles neural network brittleness by providing Recurrent Equilibrium Networks (REN) and Lipschitz-Bounded Deep Networks (LBDN) whose weights are parameterized to automatically satisfy robustness certificates. The package integrates with Flux.jl and offers direct and explicit parameterizations, plus wrappers that separate parameter updates from model evaluation to enable efficient training in data-driven control and RL contexts. It demonstrates practical robustness gains in image classification (MNIST), reinforcement learning for a nonlinear box system, and learning stable observers for nonlinear dynamics, all while preserving standard optimization workflows. This work highlights a scalable path to robust learning-enabled systems suitable for safety-critical applications, with future directions including convolutional LBDNs and continuous-time extensions.

Abstract

Neural networks are typically sensitive to small input perturbations, leading to unexpected or brittle behaviour. We present RobustNeuralNetworks.jl: a Julia package for neural network models that are constructed to naturally satisfy a set of user-defined robustness metrics. The package is based on the recently proposed Recurrent Equilibrium Network (REN) and Lipschitz-Bounded Deep Network (LBDN) model classes, and is designed to interface directly with Julia's most widely-used machine learning package, Flux.jl. We discuss the theory behind our model parameterization, give an overview of the package, and provide a tutorial demonstrating its use in image classification, reinforcement learning, and nonlinear state-observer design.
Paper Structure (37 sections, 11 equations, 9 figures, 1 table)

This paper contains 37 sections, 11 equations, 9 figures, 1 table.

Table of Contents

  1. Introduction
  2. Package overview
  3. What are RENs and LBDNs?
  4. Robustness metrics and IQCs
  5. Contracting systems
  6. Incremental IQCs
  7. Lipschitz bounds (smoothness)
  8. Incremental passivity
  9. Direct and explicit parameterizations
  10. Implementation
  11. Types of direct parameterizations
  12. Explicit model wrappers
  13. Separating parameters and models
  14. Examples
  15. Image classification
  16. ...and 22 more sections

Figures (9)

  • Figure 1: Feedback structure of a recurrent equilibrium network.
  • Figure 2: Simulation of a contracting REN with a single internal state. The system is simulated from two different initial states with the same sinusoidal input. The contracting system exponentially forgets its initial condition.
  • Figure 3: Association of models and their parameters in (a) Flux.jl and (b) RobustNeuralNetworks.jl. In (a), model parameters $\theta$ are associated with the model. In (b), the direct parameters $\theta$ are associated with the parameterization model_ps, and are converted to explicit parameters $\bar{\theta}$ when the model is constructed for evaluation with REN().
  • Figure 4: Examples of classifications from the trained LBDN model on the MNIST dataset.
  • Figure 5: Comparison of test accuracy on the MNIST dataset as a function of random perturbation magnitude $\epsilon$. The LBDN model is significantly more robust than a standard Dense network.
  • ...and 4 more figures

Theorems & Definitions (1)

  • Remark 1