Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

COLEP: Certifiably Robust Learning-Reasoning Conformal Prediction via Probabilistic Circuits

Mintong Kang, Nezihe Merve Gürel, Linyi Li, Bo Li

TL;DR

This work tackles the challenge of maintaining conformal prediction guarantees under test-time adversarial perturbations by integrating knowledge-enabled reasoning with learning. It introduces COLEP, a learning-reasoning pipeline where a main model and multiple knowledge models feed a PC-based reasoning module to produce corrected class probabilities, which are then used in a split conformal predictor. The authors establish end-to-end robustness certificates by propagating perturbation bounds from the learning component through the reasoning PCs, plus worst-case and finite-sample analyses, and prove that COLEP can outperform a single model in both coverage and accuracy when knowledge utilities are non-trivial. Empirically, COLEP yields substantial gains in certified coverage (up to 12% on GTSRB, 9% on CIFAR-10, 14% on AwA2) and maintains competitive runtimes, validating the approach on diverse benchmarks and illustrating the value of knowledge-guided reasoning for robust uncertainty quantification in safety-critical settings.

Abstract

Conformal prediction has shown spurring performance in constructing statistically rigorous prediction sets for arbitrary black-box machine learning models, assuming the data is exchangeable. However, even small adversarial perturbations during the inference can violate the exchangeability assumption, challenge the coverage guarantees, and result in a subsequent decline in empirical coverage. In this work, we propose a certifiably robust learning-reasoning conformal prediction framework (COLEP) via probabilistic circuits, which comprise a data-driven learning component that trains statistical models to learn different semantic concepts, and a reasoning component that encodes knowledge and characterizes the relationships among the trained models for logic reasoning. To achieve exact and efficient reasoning, we employ probabilistic circuits (PCs) within the reasoning component. Theoretically, we provide end-to-end certification of prediction coverage for COLEP in the presence of bounded adversarial perturbations. We also provide certified coverage considering the finite size of the calibration set. Furthermore, we prove that COLEP achieves higher prediction coverage and accuracy over a single model as long as the utilities of knowledge models are non-trivial. Empirically, we show the validity and tightness of our certified coverage, demonstrating the robust conformal prediction of COLEP on various datasets, including GTSRB, CIFAR10, and AwA2. We show that COLEP achieves up to 12% improvement in certified coverage on GTSRB, 9% on CIFAR-10, and 14% on AwA2.

COLEP: Certifiably Robust Learning-Reasoning Conformal Prediction via Probabilistic Circuits

TL;DR

This work tackles the challenge of maintaining conformal prediction guarantees under test-time adversarial perturbations by integrating knowledge-enabled reasoning with learning. It introduces COLEP, a learning-reasoning pipeline where a main model and multiple knowledge models feed a PC-based reasoning module to produce corrected class probabilities, which are then used in a split conformal predictor. The authors establish end-to-end robustness certificates by propagating perturbation bounds from the learning component through the reasoning PCs, plus worst-case and finite-sample analyses, and prove that COLEP can outperform a single model in both coverage and accuracy when knowledge utilities are non-trivial. Empirically, COLEP yields substantial gains in certified coverage (up to 12% on GTSRB, 9% on CIFAR-10, 14% on AwA2) and maintains competitive runtimes, validating the approach on diverse benchmarks and illustrating the value of knowledge-guided reasoning for robust uncertainty quantification in safety-critical settings.

Abstract

Conformal prediction has shown spurring performance in constructing statistically rigorous prediction sets for arbitrary black-box machine learning models, assuming the data is exchangeable. However, even small adversarial perturbations during the inference can violate the exchangeability assumption, challenge the coverage guarantees, and result in a subsequent decline in empirical coverage. In this work, we propose a certifiably robust learning-reasoning conformal prediction framework (COLEP) via probabilistic circuits, which comprise a data-driven learning component that trains statistical models to learn different semantic concepts, and a reasoning component that encodes knowledge and characterizes the relationships among the trained models for logic reasoning. To achieve exact and efficient reasoning, we employ probabilistic circuits (PCs) within the reasoning component. Theoretically, we provide end-to-end certification of prediction coverage for COLEP in the presence of bounded adversarial perturbations. We also provide certified coverage considering the finite size of the calibration set. Furthermore, we prove that COLEP achieves higher prediction coverage and accuracy over a single model as long as the utilities of knowledge models are non-trivial. Empirically, we show the validity and tightness of our certified coverage, demonstrating the robust conformal prediction of COLEP on various datasets, including GTSRB, CIFAR10, and AwA2. We show that COLEP achieves up to 12% improvement in certified coverage on GTSRB, 9% on CIFAR-10, and 14% on AwA2.
Paper Structure (41 sections, 11 theorems, 118 equations, 5 figures, 7 tables)

This paper contains 41 sections, 11 theorems, 118 equations, 5 figures, 7 tables.

Table of Contents

  1. Introduction
  2. Related work
  3. Preliminaries
  4. Learning-Reasoning Pipeline for Conformal Prediction
  5. Overview of COLEP
  6. Reasoning via Probabilistic Circuits
  7. Conformal Prediction with COLEP
  8. Certifiably Robust Learning-Reasoning Conformal Prediction
  9. Certification Framework and Certification of the Reasoning Component
  10. Certifiably Robust Conformal Prediction
  11. Theoretical Analysis of COLEP
  12. Characterization of Models and Knowledge Rules
  13. Effectiveness of the Reasoning Component with PCs
  14. Comparison between COLEP and Single Main Model
  15. Experiments
  16. ...and 26 more sections

Key Result

Theorem 1

Given any input $x$ and perturbation bound $\delta$, we let $[\underline{\hat{\pi}_{\small j_{\forall}}}(x),\overline{\hat{\pi}_{\small j_{\forall}}}(x)]$ be bounds for the estimated conditional class and concept probabilities by all models with $\small j_{\forall}\in[N_c+L]$ (for example, achieved where $T(a,b)=\log(ab+(1-a)(1-b))$. We similarly give the lower bound ${\mathbb{L}}[\hat{\pi}_j^{\t

Figures (5)

  • Figure 1: Overview of COLEP.
  • Figure 2: Comparison of certified coverage between COLEP ($\tau^{\texttt{COLEP}_{\text{cer}}}$) and RSCP under bounded perturbations $\delta=0.125,0.25,0.50$ on GTSRB, CIFAR-10, and AwA2. The upper bound of certified coverage $\tau_{(\text{cer})}$ is 0.9.
  • Figure 3: Comparison of the marginal coverage and averaged set size for CP, RSCP, and COLEP under PGD attack ($\delta=0.25$) on GTSRB, CIFAR-10, and AwA2. The nominal coverage level (green line) is 0.9.
  • Figure 4: Overview of prediction certification of COLEP. The certification setting is that the inference time adversaries can violate the data exchangeability assumption, compromising the guaranteed coverage. Therefore, the certification generally achieves the following three goals. (1) We can preserve the guaranteed coverage using a prediction set that takes the perturbation bound into account (\ref{['thm:cer_set']}), achieved by computing the probability bound of models before the reasoning component (by randomized smoothing) and the bound after the reasoning component (by \ref{['thm:pc_rob']}). (2) We prove the worst-case coverage (a lower bound) if we use the standard prediction set as before (\ref{['thm:worst_case']}). (3) We theoretically show that COLEP can achieve a better prediction coverage (\ref{['thm:comp2']}) and prediction accuracy (\ref{['thm:comp_1']}) than a data-driven model without the reasoning component.
  • Figure 5: Certified coverage of COLEP under bounded perturbation $\delta=0.25$ on GTSRB and CIFAR-10 with different types of knowledge rules.

Theorems & Definitions (22)

  • Theorem 1: Bounds for Conditional Class Probabilities $\hat{\pi}_j^{\texttt{COLEP}}(x)$ within the Reasoning Component
  • Theorem 2: Certifiably Robust Conformal Prediction of COLEP
  • Theorem 3: Certified (Worst-Case) Coverage of COLEP
  • Lemma 5.1: Effectiveness of the Reasoning Component
  • Theorem 4: Comparison of Marginal Coverage of COLEP and Main Model
  • Theorem 5: Comparison of Prediction Accuracy of COLEP and Main Model
  • Definition 1: Probabilistic Circuit
  • Lemma C.1: Randomized Smoothing cohen2019certified
  • proof : Proof of \ref{['thm:pc_rob']}
  • Lemma F.1: Function Monotonicity within PCs
  • ...and 12 more